Carolyn,
Thank you very much for responding. I was worried that I had posted something wrong or something. I am pasting the logs as you requested, however, I do not know what your instructions meant by checking all items in the c:\system volume information folder and click on remove selected? I never saw anything like that.
I wanted to give you some of the details about what the system was doing though. I had a bunch of programs installed, like Realplayer, Frostwire, Limewire, and Divx player. Real player starts "not responding" a lot, so I was so frustrated that I just removed it, and a few of the other programs. I think it was about that time that I got the avg download. I had been on the internet several times without the webroot program running. I wanted to try to figure out why the computer was running slow so I asked a friend and they told me to go to the prefetch and temp files and clean them out. Well, when I went into the prefetch file and deleted the items, before I could close the window out, several more files appeared there. They just popped up. I thought that might be strange, so I did it again, and the same thing happened. Also, I have a lot of programs running in the background that I do not know what they are, and I cannot turn them off. The system lets me turn some of them off, but not the ones I am curious about (the ones with unknown company name).
A friend told me to shut off the system restore and run avg in safe mode. Tried that but sys. shuts itself down. Tried running windows defender in safe mode, but same results. At some point I did a system recovery. Problems still exist. Avg had found some infections but said that some files cannot be healed, and specified file name not found. They were c:\users\lisa\AppData\roaming\microsoft\windows\cookies\low\lisa@atdmt(2).txt and the other one was the same except for the last part (after low) lisa@m.webtrends(2).txt. I do not recall which, but one of the programs said I had trojanhorsedownloader.generic_cAGS and the path to file was c:users\lisa\documents\frostwire\nora jones_turn me on.mp3.
I do not know what to do, so here I am. Please be patient, I am really computer illiterate. I will try and get you the info. that you need. Please let me know if I need to complete the first part of the instructions about the malwarebytes remove selected part. I am pasting it here for you. Thank you very much. Please let me know. Oh, during the scan from malwarebytes, about an hour or so into it the abort scan button started flashing, and scan began running really slow. It did say it finished successfully though. Thanks again. Lisa
Malwarebytes' Anti-Malware 1.36
Database version: 1950
Windows 6.0.6001 Service Pack 1
4/7/2009 11:59:36 PM
mbam-log-2009-04-07 (23-59-36).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 157056
Time elapsed: 1 hour(s), 51 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
malware bytes log file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lisa at 2009-04-08 00:52:21
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 155 GB (86%) free of 181 GB
Total RAM: 2814 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:51 AM, on 4/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\WINDOWS\System32\notepad.exe
C:\Users\Lisa\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Lisa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 4471 bytes
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleForLisa.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-22 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-22 1932568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-04-08 00:52:20 ----D---- C:\rsit
2009-04-07 22:06:25 ----D---- C:\Users\Lisa\AppData\Roaming\Malwarebytes
2009-04-07 22:06:18 ----D---- C:\ProgramData\Malwarebytes
2009-04-07 22:06:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-01 20:30:11 ----D---- C:\Program Files\Trend Micro
2009-03-26 13:59:21 ----D---- C:\Program Files\NetWaiting
2009-03-26 13:59:12 ----D---- C:\Users\Lisa\AppData\Roaming\InstallShield
2009-03-26 08:18:17 ----SHD---- C:\Config.Msi
2009-03-23 23:14:56 ----D---- C:\Users\Lisa\AppData\Roaming\GTek
2009-03-21 21:14:14 ----HD---- C:\$AVG8.VAULT$
2009-03-17 23:27:26 ----A---- C:\Windows\system32\avgrsstx.dll
2009-03-17 23:27:15 ----D---- C:\Program Files\AVG
2009-03-15 11:03:52 ----A---- C:\Windows\system32\avgrep.txt
2009-03-15 02:08:30 ----A---- C:\Windows\ntbtlog.txt
2009-03-13 14:41:37 ----A---- C:\Windows\system32\wmp.dll
2009-03-13 14:41:30 ----A---- C:\Windows\system32\spwmp.dll
2009-03-13 14:41:24 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-13 14:41:22 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-13 14:41:14 ----A---- C:\Windows\system32\schannel.dll
2009-03-10 21:47:38 ----D---- C:\ProgramData\Apple Computer
======List of files/folders modified in the last 1 months======
2009-04-08 00:52:52 ----D---- C:\Windows\Temp
2009-04-08 00:52:40 ----D---- C:\Windows\Prefetch
2009-04-07 22:06:22 ----D---- C:\Windows\system32\drivers
2009-04-07 22:06:18 ----HD---- C:\ProgramData
2009-04-07 22:06:16 ----D---- C:\Program Files
2009-04-07 21:41:07 ----D---- C:\Windows\System32
2009-04-07 21:41:07 ----D---- C:\Windows\inf
2009-04-07 21:41:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-07 21:35:55 ----SHD---- C:\System Volume Information
2009-03-28 19:48:24 ----D---- C:\WINDOWS
2009-03-27 21:55:36 ----SD---- C:\Users\Lisa\AppData\Roaming\Microsoft
2009-03-27 21:13:10 ----D---- C:\Program Files\CONEXANT
2009-03-27 21:12:30 ----D---- C:\Windows\system32\catroot
2009-03-26 14:42:51 ----D---- C:\Windows\Microsoft.NET
2009-03-26 14:41:06 ----RSD---- C:\Windows\assembly
2009-03-26 14:12:38 ----SHD---- C:\Windows\Installer
2009-03-26 14:11:25 ----D---- C:\Windows\winsxs
2009-03-26 14:05:51 ----D---- C:\Windows\Minidump
2009-03-26 08:54:07 ----D---- C:\Program Files\Google
2009-03-26 08:44:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-26 08:43:28 ----D---- C:\ProgramData\Kodak
2009-03-26 08:42:05 ----D---- C:\Program Files\HP
2009-03-26 08:39:53 ----D---- C:\Windows\system32\catroot2
2009-03-26 08:37:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-03-26 08:37:13 ----D---- C:\Program Files\QuickTime
2009-03-26 08:35:31 ----D---- C:\Windows\system
2009-03-26 08:30:27 ----D---- C:\Program Files\Common Files\Real
2009-03-26 08:30:26 ----D---- C:\Users\Lisa\AppData\Roaming\Real
2009-03-26 08:30:24 ----D---- C:\Program Files\Common Files
2009-03-26 08:20:12 ----D---- C:\Program Files\Atheros
2009-03-26 08:19:07 ----D---- C:\Program Files\ArcSoft
2009-03-26 08:18:20 ----D---- C:\Program Files\Apple Software Update
2009-03-22 23:47:31 ----D---- C:\Users\Lisa\AppData\Roaming\FrostWire
2009-03-22 14:25:45 ----D---- C:\Windows\system32\WDI
2009-03-18 21:09:44 ----D---- C:\ProgramData\avg8
2009-03-15 06:56:26 ----D---- C:\Program Files\DivX
2009-03-15 06:43:19 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-03-15 06:40:30 ----D---- C:\ProgramData\Adobe
2009-03-15 06:40:30 ----D---- C:\Program Files\Adobe
2009-03-14 13:22:54 ----D---- C:\Program Files\Windows Media Player
2009-03-14 13:22:54 ----D---- C:\Program Files\Windows Mail
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-03-22 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-03-18 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-03-26 108552]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7446656]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-22 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-22 298264]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 196608]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-25 361808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe []
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
-----------------EOF-----------------
And the minimized file:
info.txt logfile of random's system information tool 1.06 2009-04-08 00:52:58
======Uninstall list======
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP User Guides 0110-->MsiExec.exe /I{B640E7CC-7091-4A24-AE76-2140065D2054}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
USB Wireless Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F07096A7-BAD7-4DC0-A430-B273DADF9280}\setup.exe" -l0x9
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
======Security center information======
AV: AVG Anti-Virus
AS: AVG Anti-Virus (disabled)
AS: Windows Defender
======System event log======
Computer Name: Lisa-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 26579
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090408023344.689380-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 26620
Source Name: Service Control Manager
Time Written: 20090408023517.000000-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 7000
Message: The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 26629
Source Name: Service Control Manager
Time Written: 20090408023517.000000-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 26678
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090408032847.622084-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Lisa-PC
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 26679
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090408032847.622084-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: Lisa-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 2934
Source Name: Microsoft-Windows-WMI
Time Written: 20090406000238.000000-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 2962
Source Name: Microsoft-Windows-WMI
Time Written: 20090406025315.000000-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 2987
Source Name: Microsoft-Windows-WMI
Time Written: 20090407064548.000000-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 3017
Source Name: Microsoft-Windows-WMI
Time Written: 20090408023516.000000-000
Event Type: Error
User:
Computer Name: Lisa-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {65be1c48-1bbb-4880-b560-f18a2fc5eaa7}
Record Number: 3019
Source Name: VSS
Time Written: 20090408023527.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Lisa-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 5821
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408055245.140484-000
Event Type: Audit Failure
User:
Computer Name: Lisa-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 5822
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408055245.265284-000
Event Type: Audit Failure
User:
Computer Name: Lisa-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 5823
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408055245.452484-000
Event Type: Audit Failure
User:
Computer Name: Lisa-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 5824
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408055245.561684-000
Event Type: Audit Failure
User:
Computer Name: Lisa-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 5825
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408055245.655284-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Presario
"Platform"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=17
"PROCESSOR_REVISION"=0301
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
-----------------EOF-----------------