Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please help!

Post by gtmaster303 » August 15th, 2010, 10:04 pm

I've tried fairly hard to figure out what's going on, but at this point, I'm at the end of my rope. I've run out of ideas, and I need some help. I'll try to provide as much info as possible. If you need any more info, just say the word, and I'm on it.

I am pretty responsible when it comes to my computer. Never had problems before. I know exactly what I download and install, but for some reason, I have been having a wave of problems lately.

LATEST hijackthis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:20 PM, on 8/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Neil\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 5527 bytes

Was watching a movie one night on VLC, and AVG started popping up trojan alerts. I let AVG handle it, and then my computer blue screened shortly thereafter.
Restarted and did a virus scan with many infections. Lots of trojans and a worm too, I believe.

The only source of problems I can think of is: I do download torrents, but make sure to scan the file with AVG before opening.

Computer symptoms:
AVG warnings (at first, not anymore)
Firefox will randomly pop up new tabs to irrelevant sites for no reason. Links will also get redirected to BS sites.

I checked my processes, and nothing seems out of the ordinary.
I did some clean up with AVG and Malwarebytes' Anti-Malware.
Latest AVG and Malware scans come up clean.
All software is up to date.
The problem still persists though.
Just right now a new tab opened up to this site: hXXp://www.toseeka.com/

Can someone tell me what's going on and how to fix it?
Thanks
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Please help!

Post by MWR 3 day Mod » August 19th, 2010, 12:47 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Please help!

Post by turtledove » August 19th, 2010, 2:33 am

Hello gtmaster303 and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested
*Do not install/uninstall anything unless requested
**Please be sure you have read Malware Removal Forum Guidelines and Rules especially P2P Policy
*If you can do the above all should go well.
*If you do not understand a step, please STOP and ASK before proceeding*

**All fixes are for this computer and the current issues on it. Please Do Not use these instructions on another issue or computer.**


Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.



Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.

Next Step: Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Also list any other symptoms; and when listing any sites redirected to, please use hxxp in place of http.
Thank you,

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

Post by gtmaster303 » August 19th, 2010, 3:07 pm

LOG
Logfile of random's system information tool 1.08 (written by random/random)
Run by Neil at 2010-08-19 15:01:13
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 90 GB (31%) free of 295 GB
Total RAM: 3062 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:38 PM, on 8/19/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Neil\Downloads\RSIT.exe
C:\Program Files\trend micro\Neil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6771 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\Xogrjdhw.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
HP Print Clips - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31 177504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-15 2065760]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AARC]
C:\Users\Neil\Documents\SYS\albertino.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
C:\Program Files\AIM\aim.exe [2010-04-15 3827544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2007-09-27 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-24 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-06-18 671608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-10-09 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]
rundll32 iyzgp.dll,,Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
C:\Program Files\CyberLink\YouCam\YouCamTray.exe [2009-10-19 167008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^albertino.exe]
C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\albertino.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2010-07-29 503808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
taskmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-19 15:01:13 ----D---- C:\rsit
2010-08-18 17:00:11 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2010-08-16 22:21:54 ----D---- C:\ProgramData\AVG Security Toolbar
2010-08-15 23:04:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-15 23:04:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-15 22:59:51 ----D---- C:\Program Files\VS Revo Group
2010-08-14 18:08:27 ----D---- C:\Users\Neil\AppData\Roaming\Malwarebytes
2010-08-14 18:08:20 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-14 18:08:19 ----D---- C:\ProgramData\Malwarebytes
2010-08-14 18:08:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-14 18:08:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-14 18:01:10 ----D---- C:\Program Files\Trend Micro
2010-08-13 22:06:31 ----D---- C:\Windows\Minidump
2010-08-13 22:01:43 ----RASH---- C:\Windows\system32\IMJP10KF.dll
2010-08-13 22:00:38 ----D---- C:\ProgramData\Update
2010-08-13 10:36:30 ----A---- C:\Windows\system32\mshtml.dll
2010-08-13 10:36:30 ----A---- C:\Windows\system32\iertutil.dll
2010-08-13 10:36:29 ----A---- C:\Windows\system32\ieframe.dll
2010-08-13 10:36:28 ----A---- C:\Windows\system32\wininet.dll
2010-08-13 10:36:28 ----A---- C:\Windows\system32\urlmon.dll
2010-08-13 10:36:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-13 10:36:28 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-13 10:36:28 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-13 10:36:27 ----A---- C:\Windows\system32\occache.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\mstime.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-13 10:36:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-13 10:36:27 ----A---- C:\Windows\system32\ieui.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\iesetup.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\iernonce.dll
2010-08-13 10:36:27 ----A---- C:\Windows\system32\iepeers.dll
2010-08-13 10:36:26 ----A---- C:\Windows\system32\iccvid.dll
2010-08-13 10:36:25 ----A---- C:\Windows\system32\schannel.dll
2010-08-13 10:36:22 ----A---- C:\Windows\system32\win32k.sys
2010-08-13 10:36:20 ----A---- C:\Windows\system32\rtutils.dll
2010-08-13 10:36:06 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-13 10:36:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-13 10:36:03 ----A---- C:\Windows\system32\msxml3.dll
2010-08-13 10:36:01 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-13 10:36:01 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-13 10:35:58 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-12 12:00:02 ----D---- C:\Program Files\LimeWire
2010-08-12 11:47:20 ----D---- C:\Program Files\uTorrent
2010-08-02 23:47:37 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-19 15:01:38 ----D---- C:\Windows\Prefetch
2010-08-19 13:18:38 ----D---- C:\Windows\System32
2010-08-19 13:18:38 ----D---- C:\Windows\inf
2010-08-19 13:18:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-19 10:20:29 ----D---- C:\Windows\Temp
2010-08-19 10:20:25 ----D---- C:\Windows\system32\drivers\Avg
2010-08-19 01:19:28 ----SHD---- C:\Windows\Installer
2010-08-18 17:00:11 ----D---- C:\Program Files
2010-08-16 22:21:54 ----HD---- C:\ProgramData
2010-08-15 22:58:21 ----D---- C:\Users\Neil\AppData\Roaming\LimeWire
2010-08-14 21:33:15 ----D---- C:\Windows\Web
2010-08-14 21:33:14 ----D---- C:\Windows\system32\drivers
2010-08-14 21:32:06 ----D---- C:\Windows\Tasks
2010-08-14 19:24:30 ----D---- C:\Windows\Microsoft.NET
2010-08-14 19:22:45 ----RSD---- C:\Windows\assembly
2010-08-14 17:53:48 ----D---- C:\ProgramData\avg9
2010-08-14 15:19:39 ----D---- C:\Windows\system32\Tasks
2010-08-13 22:46:13 ----D---- C:\Windows\rescache
2010-08-13 22:16:08 ----D---- C:\WINDOWS
2010-08-13 15:12:35 ----D---- C:\Windows\winsxs
2010-08-13 13:20:10 ----D---- C:\Windows\system32\migration
2010-08-13 13:20:10 ----D---- C:\Program Files\Internet Explorer
2010-08-13 13:20:09 ----D---- C:\Program Files\Movie Maker
2010-08-13 10:49:30 ----D---- C:\Program Files\Microsoft Works
2010-08-13 10:48:37 ----A---- C:\Windows\win.ini
2010-08-13 10:40:41 ----D---- C:\Windows\system32\catroot
2010-08-13 10:40:34 ----D---- C:\Program Files\Windows Mail
2010-08-13 10:40:30 ----D---- C:\Windows\system32\catroot2
2010-08-13 10:40:25 ----D---- C:\System Volume Information
2010-08-12 11:57:17 ----D---- C:\Program Files\WinRAR
2010-08-12 11:56:48 ----D---- C:\Users\Neil\AppData\Roaming\uTorrent
2010-08-08 22:31:00 ----HD---- C:\Windows\system32\GroupPolicy
2010-08-03 14:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-23 23:38:25 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-09 1970712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-17 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 2222080]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-24 358936]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
S3 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


INFO
info.txt logfile of random's system information tool 1.08 2010-08-19 15:01:40

======Uninstall list======

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AIM 7-->C:\Program Files\AIM\uninst.exe
Amazon Kindle For PC v1.0-->C:\Program Files\Amazon\Kindle For PC\uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Smart Web Printing-->msiexec /i{082F8ABA-84D5-4837-9DFC-F365D91A07D4}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LimeWire 5.5.13-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
Nokia Connectivity Cable Driver-->MsiExec.exe /I{1B9B5B3B-28E7-4E59-A80D-D670AA984514}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A0D65C73-F2C5-432F-8788-90F8A2E99B98}
Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{7B01FD07-1790-4EE9-B5E0-149527D70C7D}
Nokia PC Suite-->C:\ProgramData\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_us_web.exe
Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
Nokia Software Updater-->MsiExec.exe /X{09C468CA-2940-466A-AAE8-DCC0C6E9323C}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Ovi Desktop Sync Engine-->MsiExec.exe /X{2D10FC46-1D96-44C4-8855-85F21B9B011E}
OviMPlatform-->MsiExec.exe /I{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}
PC Connectivity Solution-->MsiExec.exe /I{089DD780-DB3F-4CDB-A0C2-111360247298}
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.89-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Mario 3 : Mario Forever-->C:\Program Files\softendo.com\Mario Forever\Uninstal.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TomTom HOME 2.7.5.2014-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wnjiper-->MsiExec.exe /I{3B1D6DF0-EAA2-012B-AE51-000000000000}
TurboTax 2009 wnyiper-->MsiExec.exe /I{3B8186F0-EAA2-012B-AE69-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.1.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_3a2e1afb\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_d5bc047a\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender

======System event log======

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB936330(Service Pack) into Installed(Installed) state
Record Number: 113160
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package RemoteAssistance_en-US(Language Pack) into Installed(Installed) state
Record Number: 113159
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package RemoteAssistance(Feature Pack) into Installed(Installed) state
Record Number: 113158
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Client-Features(Feature Pack) into Installed(Installed) state
Record Number: 113157
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Windows Foundation(Foundation) into Installed(Installed) state
Record Number: 113156
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

=====Application event log=====

Computer Name: Neil-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 143
Source Name: Microsoft-Windows-WMI
Time Written: 20100106025609.000000-000
Event Type: Error
User:

Computer Name: Neil-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1209350316-3647775725-453180617-1000:
Process 692 (\Device\HarddiskVolume2\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1209350316-3647775725-453180617-1000

Record Number: 118
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100106025156.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Neil-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0bd37739-f83b-42f9-b490-b11d3e8e44e3}
Record Number: 97
Source Name: VSS
Time Written: 20100106023338.000000-000
Event Type: Error
User:

Computer Name: Neil-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 79
Source Name: MsiInstaller
Time Written: 20100106022547.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0bd37739-f83b-42f9-b490-b11d3e8e44e3}
Record Number: 64
Source Name: VSS
Time Written: 20100106021954.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Neil-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-03IYYPCUIKX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2dc
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 484
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021955.459000-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 483
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021952.432600-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-03IYYPCUIKX$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2dc
Process Name: C:\WINDOWS\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 482
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021952.432600-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-03IYYPCUIKX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2dc
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 481
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021952.432600-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1209350316-3647775725-453180617-1000
Account Name: Neil
Domain Name: Neil-PC
Logon ID: 0x103b22
Record Number: 480
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100106021950.373400-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:

-----------------EOF-----------------



I don't have any sites at the moment, but can keep track of them. Would you like me to post them as they come along?
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Please help!

by turtledove » August 20th, 2010, 12:56 am

Good evening gtmaster303,

Thank you for the logs. Only post sites you come across along with what I ask to post. Remember to replace http with hxxp.
Please copy or print out these instructions for easy reference. Read through them first and ask if uncertain of any steps.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    utorrent
    Limewire

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start > All programs > Accessories > Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Uninstall outdated programs

Uninstall the following:
HijackThis 2.0.2 Already has New Version
Java(TM) 6 Update 20
****Spybot - Search & Destroy --->>> We can re-install this after your computer is clean. This avoids some issues with fixes we may do.


Please make an Uninstall list
To access the Uninstall Manager, please do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that Notepad window here in your next reply.



Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Post
Uninstall list from HijackThis
CKFiles.txt
Any new issues

Thank you

turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

by gtmaster303 » August 20th, 2010, 11:34 pm

UNINSTALL LIST
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player
AIM 7
Amazon Kindle For PC v1.0
AVG Free 9.0
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink YouCam
CyberLink YouCam
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Suite
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
LabelPrint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.8)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
OGA Notifier 2.0.0048.0
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PowerDirector
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Skype™ 4.1
Super Mario 3 : Mario Forever
Synaptics Pointing Device Driver
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnjiper
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.1.2
WeatherBug Gadget
Winamp
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
WinRAR archiver

CK FILE
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\bejeweled 2 deluxe\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\users\neil\downloads\nokia 5800\spb_software.spb_mobile_shell.v3.5.0.s60v5.symbianos9.4..cracked-kfpda_signed.sis
c:\users\neil\downloads\nokia 5800\mega_pack_for_5800xm\mega_pack_for_5800xm\advanced.phone.lock.v1.02.2x.s60v3.symbianos9.4.unsigned.cracked-binpda.rar
c:\users\neil\downloads\nokia 5800\nokia 5800 mega pack [signedapps] [games] [wallpapers]\applications\office suite 4.60\keygen.exe
c:\users\neil\downloads\programs\bejeweled 2 -deluxe- (reflexive games) (cracked) (direct play) [blaze69]\bejeweled 2 deluxe.7z
c:\users\neil\downloads\programs\bejeweled 2 -deluxe- (reflexive games) (cracked) (direct play) [blaze69]\dxwebsetup.exe
c:\users\neil\downloads\programs\bejeweled 2 -deluxe- (reflexive games) (cracked) (direct play) [blaze69]\torrent_downloaded_from_demonoid.com.txt
c:\users\neil\downloads\programs\limewire pro 5.5.13 + crack\limewire pro 5.5.13 + crack.rar
c:\users\neil\downloads\programs\limewire pro 5.5.13 + crack\[info].txt
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\torrent downloaded from demonoid.com.txt
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\winamp5581_pro_all.exe
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\core.nfo
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\core10k.exe
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\file_id.diz
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\idr_music2
scanner sequence 3.DK.11
----- EOF -----


I don't even really need spybot back. I only downloaded it to solve my problem, which hasn't worked.
Website that popped up as I was typing to you: hxxp://lpgen.info/mylpgen/registry-erro ... r0?c=camp1
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Please help!

Unread post by turtledove » August 21st, 2010, 12:51 am

Good evening gtmaster303,

Thank you for the logs. I'll be back as soon as possible with further advice.
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

Unread post by turtledove » August 21st, 2010, 4:50 pm

Good day gtmaster303,


Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

c:\program files\bejeweled 2 deluxe\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\users\neil\downloads\nokia 5800\spb_software.spb_mobile_shell.v3.5.0.s60v5.symbianos9.4..cracked-kfpda_signed.sis
c:\users\neil\downloads\nokia 5800\mega_pack_for_5800xm\mega_pack_for_5800xm\advanced.phone.lock.v1.02.2x.s60v3.symbianos9.4.unsigned.cracked-binpda.rar
c:\users\neil\downloads\nokia 5800\nokia 5800 mega pack [signedapps] [games] [wallpapers]\applications\office suite 4.60\keygen.exe
c:\users\neil\downloads\programs\bejeweled 2 -deluxe- (reflexive games) (cracked) (direct play) [blaze69]\bejeweled 2 deluxe.7z
c:\users\neil\downloads\programs\bejeweled 2 -deluxe- (reflexive games) (cracked) (direct play) [blaze69]\dxwebsetup.exe
c:\users\neil\downloads\programs\bejeweled 2 -deluxe- (reflexive games) (cracked) (direct play) [blaze69]\torrent_downloaded_from_demonoid.com.txt
c:\users\neil\downloads\programs\limewire pro 5.5.13 + crack\limewire pro 5.5.13 + crack.rar
c:\users\neil\downloads\programs\limewire pro 5.5.13 + crack\[info].txt
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\torrent downloaded from demonoid.com.txt
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\winamp5581_pro_all.exe
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\core.nfo
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\core10k.exe
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\file_id.diz
c:\users\neil\downloads\programs\winamp.v5.581.build.2985.incl.keygen-core\keygen\idr_music2
scanner sequence 3.DK.11



Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, I would like you to remove all the crack/keygen applications that are present on your system.

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.

Please go to Start> Control Panel> Programs and Features>
Select each program listed up above if present
Select un-install for each item. Empty the folders they were downloaded to as well.

Please rerun HijackThis Uninstall List
To access the Uninstall Manager, please do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.


Please rerun CKScanner
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Post
New CKFiles.txt
New Uninstall List
Any items not found/uninstallable so we can get them removed.


Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

Unread post by gtmaster303 » August 22nd, 2010, 2:42 pm

I have made an effort to uninstall all cracked programs from my computer.
If there are any others, please let me know because I don't see any others on my computer.

Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player
AIM 7
Amazon Kindle For PC v1.0
AVG Free 9.0
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink YouCam
CyberLink YouCam
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Suite
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
LabelPrint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.8)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
OGA Notifier 2.0.0048.0
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PowerDirector
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Skype™ 4.1
Super Mario 3 : Mario Forever
Synaptics Pointing Device Driver
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnjiper
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.1.2
WeatherBug Gadget
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
WinRAR archiver


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Please help!

Unread post by turtledove » August 22nd, 2010, 7:34 pm

Good Day gtmaster303,

Thank you, good job.
We will get rid of any remaining files/folders later if found.

Print or copy instructions for easy reference.
With all tools: Right Click and select Run as Administrator


Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)


  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Post
GMER.txt
Any problems or new issues

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

Unread post by gtmaster303 » August 23rd, 2010, 12:28 am

Another website pop up: hxxp://www.juggle.com/search/?q=malware ... 6&medium=R

I was unable to run the program. Did it 3 times. Twice with Firefox running in the background and once right off of startup with no other programs running, other than startup programs. My computer crashed each time. Blue screen of death. Am I doing something wrong?
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Please help!

Unread post by turtledove » August 23rd, 2010, 12:57 am

Good evening gtmaster303,

Be sure you right click on the GMER icon and choose Run as administrator to run GMER. If that was done, we'll take a different approach.
Be sure also, as you note after trying from a fresh boot up, that no other programs are open.

Let me know please.

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

Unread post by gtmaster303 » August 23rd, 2010, 11:27 pm

hxxp://spacelift.mevio.com/?utm_source= ... ium=7bd9ac

I am the administrator on this computer, but even then, I followed what you said. Went to the file manually, and ran as administrator.
Blue screened almost immediately. Scan refuses to work without crashing my computer.
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Please help!

Unread post by turtledove » August 24th, 2010, 12:24 am

Good Day/Evening gtmaster303

Please try the following: If this doesn't give results, we have other avenues to take.

Please download DeFogger to your desktop.

Right click DeFogger and select "Run as administrator" to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.



Please Retry GMER Rootkit Scanner from
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)


  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.



----------------------------------------------------
Try GMER in Safe Mode if the above did not work
Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Follow the above procedure for GMER.


Post
Post Any problems
GMER log if GMER ran

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please help!

Unread post by gtmaster303 » August 25th, 2010, 11:24 am

hxxp://www.localtribune.org/Finance/Job ... 113594_ron

Wow, you reply fast. I'm sorry, but I'm out of town right now. If I take a little longer than three days to reply, please don't close this thread. I will try to reply as soon as I can.
I ran the DeFogger.
DeFogger did not ask me to reboot, but I did so manually.
Ran GMER and the program crashed. I opened and tried running the program again, and my computer crashed. Blue screen of death.
Same thing happened when I rebooted into safe mode, straight from the first crash. Program crashed on first attempt. Computer crashed on second attempt.
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm