Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ping exe cpu 100%

by shelia » November 8th, 2011, 7:14 pm

Computer running really slow.
Task manager shows ping exe,
which seems to be the culprit.
When the process is ended, the CPU
usage goes down, and shortly thereafter
it reappears and the CPU goes to 100% again.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 17:26:11 on 2011-11-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.217 [GMT -5:00]
.
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Page_URL = hxxp://us8.hpwis.com/
uDefault_Search_URL = hxxp://srch-us8.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
IE: &Dictionary - http://www.ezreference.com/_/ie-com-sp.htm
IE: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-sp.htm
IE: &Search - ?p=ZKfox000
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: //rhapapp.real.com/
Trusted Zone: listen.com\www
Trusted Zone: llnwd.net
Trusted Zone: real.com
Trusted Zone: real.com\rhapapp
Trusted Zone: realone.com\i
Trusted Zone: rhapsody.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0309.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ ... .0.228.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... t/opuc.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/ ... leaner.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8300.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 8232800038
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol ... 0.84.2.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/vi ... ebscan.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/defaul ... uncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/C ... 7884.38875
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... b56649.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/Game ... meHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553539600} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E9348280-2D74-4933-BE25-73D946926795} - hxxp://h20270.www2.hp.com/ediags/gmn/in ... ction3.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0723644E-0885-4B83-ACEC-891E530A0F47} : DhcpNameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
TCP: Interfaces\{67411ACD-F722-47C1-B76A-8B39717AF81B} : DhcpNameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{EDC25C89-A6D0-4D02-89F9-AA95E9F9B2C5} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\cukv1iy4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-7 217032]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-27 13496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKslaed40eb8;MpKslaed40eb8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba46df7d-f706-41cf-8cb9-d8d83a89d4a5}\MpKslaed40eb8.sys [2011-11-8 28752]
R1 MpKslb88febbe;MpKslb88febbe;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba46df7d-f706-41cf-8cb9-d8d83a89d4a5}\MpKslb88febbe.sys [2011-11-8 28752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-11-7 112592]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 606056]
R4 RegFilter;RegFilter;\??\c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\regfilter.sys --> c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\regfilter.sys [?]
R4 UrlFilter;UrlFilter;\??\c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\urlfilter.sys --> c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 MpKsl1a01b551;MpKsl1a01b551;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e54259a-6fdb-4f5e-b8b5-69700fdbed67}\mpksl1a01b551.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e54259a-6fdb-4f5e-b8b5-69700fdbed67}\MpKsl1a01b551.sys [?]
S1 MpKsl224ed0c5;MpKsl224ed0c5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{811e6bbd-661e-4faf-8022-060d105e8b96}\mpksl224ed0c5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{811e6bbd-661e-4faf-8022-060d105e8b96}\MpKsl224ed0c5.sys [?]
S1 MpKsl5587e3fd;MpKsl5587e3fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73b3f987-91b1-419f-a6ec-af24c51b5d49}\mpksl5587e3fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73b3f987-91b1-419f-a6ec-af24c51b5d49}\MpKsl5587e3fd.sys [?]
S1 MpKsla0d6cefb;MpKsla0d6cefb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8de40d87-7055-4887-8d3d-44e267443eca}\mpksla0d6cefb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8de40d87-7055-4887-8d3d-44e267443eca}\MpKsla0d6cefb.sys [?]
S1 MpKsladd0fc8c;MpKsladd0fc8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5a11b074-4b03-46dd-95e6-6e6a20dfc028}\mpksladd0fc8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5a11b074-4b03-46dd-95e6-6e6a20dfc028}\MpKsladd0fc8c.sys [?]
S1 MpKslaf82b1fd;MpKslaf82b1fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4bd7069c-69fe-4ade-ad01-7b6bd0d3538c}\mpkslaf82b1fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4bd7069c-69fe-4ade-ad01-7b6bd0d3538c}\MpKslaf82b1fd.sys [?]
S1 MpKslec5a8081;MpKslec5a8081;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{debe26cc-9fe2-43e7-88c9-cadd3096eaaa}\mpkslec5a8081.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{debe26cc-9fe2-43e7-88c9-cadd3096eaaa}\MpKslec5a8081.sys [?]
S1 MpKslede7594f;MpKslede7594f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{42c2c36a-3687-4d6c-9614-0322cf3d6152}\mpkslede7594f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{42c2c36a-3687-4d6c-9614-0322cf3d6152}\MpKslede7594f.sys [?]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2004-3-7 15104]
S2 mrtRate;mrtRate; [x]
S3 Ips3hcih_d;Ips3hcih_d; [x]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-11-7 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-11-7 1142224]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-08 20:20:15 -------- d-----w- c:\program files\CCleaner
2011-11-08 19:07:09 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-11-08 19:06:37 54016 ----a-w- c:\windows\system32\drivers\nfmnsbqo.sys
2011-11-08 15:46:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba46df7d-f706-41cf-8cb9-d8d83a89d4a5}\MpKslb88febbe.sys
2011-11-08 15:03:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 15:03:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 05:09:53 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba46df7d-f706-41cf-8cb9-d8d83a89d4a5}\MpKslaed40eb8.sys
2011-11-08 05:08:36 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba46df7d-f706-41cf-8cb9-d8d83a89d4a5}\offreg.dll
2011-11-08 05:08:20 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba46df7d-f706-41cf-8cb9-d8d83a89d4a5}\mpengine.dll
2011-11-07 22:40:14 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert
2011-11-07 22:27:05 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-07 22:27:04 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-07 22:27:01 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-11-07 22:27:01 1652688 ----a-w- c:\windows\PCTBDCore.dll
2011-11-07 22:07:10 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-07 22:06:06 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-07 22:06:05 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-07 22:04:31 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-07 22:02:03 -------- d-----w- c:\program files\common files\PC Tools
2011-11-07 22:02:01 -------- d-----w- c:\program files\Spyware Doctor
2011-11-07 22:02:01 -------- d-----w- c:\documents and settings\owner\application data\PC Tools
2011-11-07 22:02:01 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-07 21:51:05 -------- d-----w- c:\documents and settings\owner\application data\CzONyxA1uSoFpGs
2011-11-07 21:51:04 -------- d-----w- c:\documents and settings\owner\application data\konG4amH6W7E9Tq
2011-11-07 21:22:50 -------- d-----w- c:\documents and settings\owner\application data\Y2ibD3pnGaHdKfL
2011-11-07 21:22:50 -------- d-----w- c:\documents and settings\owner\application data\fjUCelIBtPyAiDo
2011-11-07 21:01:44 -------- d-----w- c:\documents and settings\owner\application data\yA1uvD2ob4m
2011-11-07 21:01:44 -------- d-----w- c:\documents and settings\owner\application data\oS1ibD3on4Q6W7R
2011-11-07 20:45:32 -------- d-----w- c:\documents and settings\owner\application data\Y4amH6sWKfLgXjC
2011-11-07 20:27:33 -------- d-----w- c:\documents and settings\owner\application data\xTXqjYCekBzNx1v
2011-11-07 20:22:37 -------- d-----w- c:\documents and settings\owner\application data\z3pmG5aQJdKfZhX
2011-11-07 20:22:09 -------- d-----w- c:\documents and settings\owner\application data\t0ucS2ibFpaJdKf
2011-11-07 20:22:08 -------- d-----w- c:\documents and settings\owner\application data\SBtxP0ucSi
2011-11-01 21:45:15 1409 ----a-w- c:\windows\QTFont.for
2011-10-29 17:49:24 -------- d-----w- c:\windows\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
2011-10-29 17:12:55 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-10-29 17:12:38 -------- d-----w- c:\program files\Belkin
2011-10-29 17:12:38 -------- d-----w- c:\documents and settings\all users\application data\Affinegy
.
==================== Find3M ====================
.
2011-10-13 21:55:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 17:31:42.59 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2003 11:33:58 AM
System Uptime: 11/8/2011 10:44:26 AM (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 107 GiB total, 63.821 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.784 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0
Service: RTL8023xp
.
==== System Restore Points ===================
.
RP1819: 9/11/2011 3:27:37 AM - Software Distribution Service 3.0
RP1820: 9/12/2011 12:07:26 AM - Software Distribution Service 3.0
RP1821: 9/12/2011 3:34:16 AM - Software Distribution Service 3.0
RP1822: 9/13/2011 12:28:53 AM - Software Distribution Service 3.0
RP1823: 9/13/2011 3:46:37 AM - Software Distribution Service 3.0
RP1824: 9/14/2011 12:39:59 AM - Software Distribution Service 3.0
RP1825: 9/14/2011 6:17:39 PM - Software Distribution Service 3.0
RP1826: 9/14/2011 7:17:52 PM - Software Distribution Service 3.0
RP1827: 9/15/2011 8:16:51 PM - System Checkpoint
RP1828: 9/15/2011 11:56:48 PM - Software Distribution Service 3.0
RP1829: 9/16/2011 6:09:18 PM - Software Distribution Service 3.0
RP1830: 9/17/2011 6:12:08 PM - Software Distribution Service 3.0
RP1831: 9/18/2011 6:17:00 PM - Software Distribution Service 3.0
RP1832: 9/19/2011 6:31:13 PM - Software Distribution Service 3.0
RP1833: 9/20/2011 7:40:22 PM - System Checkpoint
RP1834: 9/21/2011 1:14:19 AM - Software Distribution Service 3.0
RP1835: 9/21/2011 6:30:28 AM - Software Distribution Service 3.0
RP1836: 9/22/2011 1:40:56 AM - Software Distribution Service 3.0
RP1837: 9/22/2011 6:26:41 AM - Software Distribution Service 3.0
RP1838: 9/23/2011 12:11:01 AM - Software Distribution Service 3.0
RP1839: 9/23/2011 6:26:35 AM - Software Distribution Service 3.0
RP1840: 9/24/2011 12:08:16 AM - Software Distribution Service 3.0
RP1841: 9/24/2011 6:26:57 AM - Software Distribution Service 3.0
RP1842: 9/25/2011 12:07:38 AM - Software Distribution Service 3.0
RP1843: 9/25/2011 7:49:02 PM - Software Distribution Service 3.0
RP1844: 9/26/2011 7:50:39 PM - Software Distribution Service 3.0
RP1845: 9/27/2011 7:50:11 PM - Software Distribution Service 3.0
RP1846: 9/28/2011 9:09:47 AM - Software Distribution Service 3.0
RP1847: 9/28/2011 7:50:48 PM - Software Distribution Service 3.0
RP1848: 9/29/2011 6:09:50 PM - Installed calibre
RP1849: 9/29/2011 7:50:18 PM - Software Distribution Service 3.0
RP1850: 9/30/2011 7:49:23 PM - Software Distribution Service 3.0
RP1851: 10/1/2011 7:49:19 PM - Software Distribution Service 3.0
RP1852: 10/2/2011 7:49:13 PM - Software Distribution Service 3.0
RP1853: 10/3/2011 7:48:27 PM - Software Distribution Service 3.0
RP1854: 10/4/2011 7:47:57 PM - Software Distribution Service 3.0
RP1855: 10/5/2011 7:46:51 PM - Software Distribution Service 3.0
RP1856: 10/6/2011 7:47:11 PM - Software Distribution Service 3.0
RP1857: 10/7/2011 7:48:05 PM - Software Distribution Service 3.0
RP1858: 10/8/2011 7:52:18 PM - System Checkpoint
RP1859: 10/8/2011 11:54:24 PM - Software Distribution Service 3.0
RP1860: 10/9/2011 11:54:44 PM - Software Distribution Service 3.0
RP1861: 10/10/2011 11:55:10 PM - Software Distribution Service 3.0
RP1862: 10/11/2011 11:55:26 PM - Software Distribution Service 3.0
RP1863: 10/12/2011 12:10:24 AM - Software Distribution Service 3.0
RP1864: 10/12/2011 11:55:49 PM - Software Distribution Service 3.0
RP1865: 10/13/2011 5:23:34 PM - Software Distribution Service 3.0
RP1866: 10/13/2011 11:33:15 PM - Software Distribution Service 3.0
RP1867: 10/14/2011 5:59:58 PM - Software Distribution Service 3.0
RP1868: 10/15/2011 6:00:32 PM - Software Distribution Service 3.0
RP1869: 10/16/2011 6:00:21 PM - Software Distribution Service 3.0
RP1870: 10/17/2011 6:00:24 PM - Software Distribution Service 3.0
RP1871: 10/18/2011 6:00:43 PM - Software Distribution Service 3.0
RP1872: 10/18/2011 8:10:49 PM - Software Distribution Service 3.0
RP1873: 10/19/2011 6:00:39 PM - Software Distribution Service 3.0
RP1874: 10/20/2011 4:31:15 AM - Microsoft Antimalware Checkpoint
RP1875: 10/20/2011 5:59:31 PM - Software Distribution Service 3.0
RP1876: 10/21/2011 5:59:12 PM - Software Distribution Service 3.0
RP1877: 10/22/2011 6:07:43 PM - Software Distribution Service 3.0
RP1878: 10/23/2011 5:57:36 PM - Software Distribution Service 3.0
RP1879: 10/24/2011 5:57:38 PM - Software Distribution Service 3.0
RP1880: 10/25/2011 5:57:07 PM - Software Distribution Service 3.0
RP1881: 10/26/2011 5:57:16 PM - Software Distribution Service 3.0
RP1882: 10/27/2011 6:33:10 PM - System Checkpoint
RP1883: 10/27/2011 11:55:02 PM - Software Distribution Service 3.0
RP1884: 10/28/2011 11:53:15 PM - Software Distribution Service 3.0
RP1885: 10/29/2011 1:49:57 PM - Installed Belkin USB Wireless Adaptor
RP1886: 10/30/2011 8:32:32 AM - Software Distribution Service 3.0
RP1887: 10/31/2011 12:29:02 AM - Software Distribution Service 3.0
RP1888: 10/31/2011 8:26:59 AM - Software Distribution Service 3.0
RP1889: 11/1/2011 12:29:11 AM - Software Distribution Service 3.0
RP1890: 11/1/2011 8:25:59 AM - Software Distribution Service 3.0
RP1891: 11/2/2011 12:29:21 AM - Software Distribution Service 3.0
RP1892: 11/2/2011 8:26:52 AM - Software Distribution Service 3.0
RP1893: 11/3/2011 12:30:01 AM - Software Distribution Service 3.0
RP1894: 11/3/2011 8:26:49 AM - Software Distribution Service 3.0
RP1895: 11/4/2011 12:28:16 AM - Software Distribution Service 3.0
RP1896: 11/4/2011 8:27:17 AM - Software Distribution Service 3.0
RP1897: 11/5/2011 12:28:16 AM - Software Distribution Service 3.0
RP1898: 11/5/2011 5:38:25 AM - Microsoft Antimalware Checkpoint
RP1899: 11/5/2011 8:27:19 AM - Software Distribution Service 3.0
RP1900: 11/5/2011 11:28:08 PM - Software Distribution Service 3.0
RP1901: 11/6/2011 8:27:37 AM - Software Distribution Service 3.0
RP1902: 11/7/2011 12:29:01 AM - Software Distribution Service 3.0
RP1903: 11/7/2011 8:25:44 AM - Software Distribution Service 3.0
RP1904: 11/7/2011 9:56:13 AM - Microsoft Antimalware Checkpoint
RP1905: 11/7/2011 4:12:45 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1906: 11/7/2011 5:22:48 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1907: 11/8/2011 12:07:52 AM - Software Distribution Service 3.0
RP1908: 11/8/2011 3:08:17 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
1310
1310_Help
1310Tour
1310Trb
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.0.8 Professional
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
AiO_Scan
AiOSoftware
Apple Application Support
Apple Software Update
ArcSoft Picture Software
AVG 2011
Belarc Advisor 7.1
Belkin Setup and Router Monitor
Belkin USB Wireless Adaptor
BitTornado 0.3.17
Browser Defender 2.0.6.15
BufferChm
calibre
CCleaner
Compatibility Pack for the 2007 Office system
Copy
Creative DVD Audio Plugin for Audigy Series
CreativeProjects
CreativeProjectsTemplates
CueTour
Cypress USB Mass Storage Driver Installation
DesignPro 5
Destinations
Director
DocProc
DocumentViewer
Dropbox
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Encore Software's Slot City 2 Plus Video Poker
Enhanced Multimedia Keyboard Solution
Eudora
Exact Audio Copy v0.9 beta 4
Facebook Plug-In
Fax
FLAC Installer 1.1.0k (remove only)
GdiplusUpgrade
GIMP 2.4.6
Google Chrome
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet printer preloaded drivers
HP Diagnostic Assistant
HP Digital Imaging Album Printing 1.0
HP Driver Diagnostics
HP Image Zone 4.2
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.2 - Photosmart Cameras
HP Photosmart printers preloaded drivers
HP PSC & OfficeJet 4.2
HP Software Update
HPODiscovery
HpSdpAppCoreApp
HPSystemDiagnostics
Image Resizer Powertoy for Windows XP
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD 6
InterVideo WinDVD Player
iTunes
Jasc Paint Shop Pro 8
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Codec Pack 3.5.0 Full
LightScribe Diagnostic Utility
LightScribe System Software 1.12.33.2
Macromedia Flash Player
MakeTorrent v2.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2000
MicroStaff WINASPI
mkw Audio Compression Toolkit
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.13)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Napster
Nero 7 Essentials
neroxml
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
Overland
PC-Doctor for Windows
Photo Story 3 for Windows
PhotoGallery
PIXresizer 1.0.9
PrintScreen
ProductContext
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2003 New User Edition
QuickProjects
QuickTime
Readme
RecordNow
Roxio Easy Media Creator 7
S3Display
S3Gamma2
S3Info2
S3Overlay
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Shockwave
ShowBiz DVD
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
SkinsHP1
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Snood for Windows version 3.52-W
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Spyware Doctor 7.0
swMSM
The Psychedelic Bus of Dead Knowledge
TMPGEnc DVD Author 1.6
toolkit
TrayApp
Unload
Unlocker 1.8.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Updates from HP
USB Storage Adapter FX (SM1)
VideoLAN VLC media player 0.8.6d
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Weblink
WebReg
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 9 Series SDK
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
WordPerfect Productivity Pack
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 7:53:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/8/2011 2:48:25 PM, error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
11/8/2011 11:39:42 AM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
11/8/2011 10:44:06 AM, error: Service Control Manager [7000] - The Genesys Logic USB Scanner Controller NT 5.0 service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 6:34:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp Lbd szkg5 szkgfs
11/7/2011 6:15:55 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 6 time(s).
11/7/2011 6:04:40 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 5 time(s).
11/7/2011 5:49:00 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 4 time(s).
11/7/2011 5:44:15 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 3 time(s).
11/7/2011 5:38:22 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
11/7/2011 5:32:16 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/7/2011 5:26:33 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/7/2011 5:24:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/7/2011 5:21:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
11/7/2011 5:12:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
11/7/2011 4:49:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp fasttx2k Lbd nv_agp SISAGP viaagp1
11/7/2011 4:49:16 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 4:49:16 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/7/2011 4:49:16 PM, error: Service Control Manager [7000] - The Genesys Logic USB Scanner Controller NT 5.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/7/2011 4:11:06 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
11/7/2011 4:11:06 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
11/7/2011 4:11:06 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/7/2011 4:11:06 PM, error: Service Control Manager [7034] - The GEARSecurity service terminated unexpectedly. It has done this 1 time(s).
11/7/2011 4:01:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp Lbd szkg
11/7/2011 3:20:23 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
.
==== End Of File ===========================
shelia
Active Member
 
Posts: 3
Joined: November 8th, 2011, 3:30 pm

Re: ping exe cpu 100%

Unread postby pgmigg » November 10th, 2011, 1:31 pm

Hello shelia,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: ping exe cpu 100%

Unread postby pgmigg » November 12th, 2011, 6:43 pm

Hello shelia,

Thank you for your patience... :)

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent
BitTornado
MakeTorrent


As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program
  1. Click on Start -> Control Panel and double click on Add/Remove Programs.
  2. Locate the following program(s):

    µTorrent
    BitTornado
    MakeTorrent

  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Add/Remove Programs. Close Control Panel.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Please tell me, is this computer used for business purposes or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Step 3.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 4.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Double click on MGADiag.exe to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Please include in your next reply:
  1. Your decision about removing P2P program.
  2. Answer for my question about type of use of your computer.
  3. Do you have any problems executing the instructions?
  4. Contents of a log created by CKFiles.txt
  5. Contents of a log created by MGADiag.exe
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Re: ping exe cpu 100%

Unread postby shelia » November 12th, 2011, 7:28 pm

Please include in your next reply:

Your decision about removing P2P program - those programs were removed
Answer for my question about type of use of your computer - home network with desktop and laptop - not business related
Do you have any problems executing the instructions? no problems
Contents of a log created by CKFiles.txt
Contents of a log created by MGADiag.exe
Do you see any changes in computer behavior? no real changes

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\owner\favorites\rik's stuff\computer stuff\stuff\cracks.url
c:\documents and settings\owner\my documents\downloads\launcherpro_plus_0.8.6-crackappsite.com.zip
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
c:\program files\qualcomm\eudora\keygen.exe
scanner sequence 3.BC.11.BLAPBH
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-BRVBB-38MQ9-3PMFT
Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
Windows Product ID: 55277-OEM-2111907-00106
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {59D01D75-E676-40C7-A3D3-2ACECF5CDD02}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{59D01D75-E676-40C7-A3D3-2ACECF5CDD02}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>55277-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-3530927332-4033242662-3775010867</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>DF253A-ABA a250n</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>3.10 </Version><SMBIOSVersion major="2" minor="3"/><Date>20030627000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>3565321701846062</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>Pavilion</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57712</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1751E:GENUINE C&C INC|15294:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: HP PAVILION

OEM Activation 2.0 Data-->
N/A

Re: ping exe cpu 100%

Unread postby pgmigg » November 13th, 2011, 10:55 am

Hello shelia,

Cracked/Keygen related software detected!!!

Your machine shows evidence of cracked or otherwise illegal software, so in accordance with our policy, we will not provide any further help.
See here: http://malwareremoval.com/forum/viewtop ... 95#p491395

This thread will be closed.

Re: ping exe cpu 100%

Unread postby deltalima » November 13th, 2011, 3:24 pm

Cracked Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section Use of "cracked" programs explains why we do not offer help for such computers.

This topic is now closed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK