Laptop infected with Trojan horse Generic13.AZYO

[weepigeonface]

Hi,

Last night AVG detected a threat. Warning was as follows:

File Name - C:\Program files\Nero\Nero7\Nero Vision\DVDBlockAcc.dll
Threat Nme - Trojan horse Generic13.AZYO
Process Name - C:\windows\sys32\svchost.exe

After a full scan with AVG it advised that it had removed and healed the infection but would like for someone to check over my logs to ensure that it has in fact gone.

Thanks in advance for any help.

Regards Laura


DDS (Ver_09-05-14.01) - NTFSx86
Run by Laura at 17:35:25.09 on 03/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1014.151 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgcfgex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Laura\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe 20090522
uRun: [eyeBeam SIP Client]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [recinfo545] c:\recinfo\RecInfo.exe
mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
mRun: [Wbutton] c:\program files\launch manager\WButton.exe
mRun: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.NET.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {0000FC0C-9488-4C27-93E2-DAC459915C4F} = 158.152.1.58,158.152.1.43
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\usoc8jta.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-19 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-19 108552]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-4-14 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-19 298776]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-4-14 131616]

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-05-26 23:19 <DIR> --d----- c:\program files\VideoLAN
2009-05-24 23:13 <DIR> --d----- C:\ConvertTemp
2009-05-22 21:16 <DIR> --d----- c:\users\laura\appdata\roaming\Samsung
2009-05-22 21:09 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-05-22 21:05 106,792 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-05-22 21:05 11,944 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdcm.sys
2009-05-22 21:05 80,552 a------- c:\windows\system32\drivers\sscdbus.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdwh.sys
2009-05-22 21:03 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-05-22 21:03 766 a------- c:\windows\system32\Uninstall.ico
2009-05-22 21:00 40 a------- c:\windows\BO5130.INI

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 21:10 51,200 a------- c:\windows\inf\infpub.dat
2009-05-22 21:10 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-22 21:10 86,016 a------- c:\windows\inf\infstor.dat
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 17:07 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-01 17:07 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 17:07 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-01-30 20:24 262,144 a------- c:\progra~2\ntuser.dat
2008-12-03 23:14 174 a--sh--- c:\program files\desktop.ini
2008-12-03 23:03 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-14 23:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-14 23:52 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-14 23:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 17:37:17.52 ===============

[weepigeonface]

Forgot to mention that I have no recovery disks and that the computer seems to be running as normal but am worried to continue using the computer until I know if I'm clear.

Regards Laura

[weepigeonface]

bump please

[weepigeonface]

Bump Please

Can someone please please help me.

After doing another AVG scan that came back clear I assumed that all was good however I am now having further problems. A window popped up telling me that my "persistance module" was experiencing problems. System is now going to blue screen and memory dumping. I am in desperate need of help. What should be my next move????

[weepigeonface]

I understand that these forums are very busy and that the volunteers who help are overworked and very understanding. I have been trying to get assistance on this matter for 6 days now. I have a new set of logs that were run just moments ago as i figured these would be required. Should I post them on this thread or start a new one? I am available for the foreseeable 12 hours and could work through any help quickly if someone could please afford me some of they're valuable time.

Yours hopefully
Laura

[tetonbob]

Hello again, Laura.

By replying to your own topic so many times, and before 72 hours passed, it may appear to many helpers that the topic is already being handled. We ask that members do not bump a topic before 72 hours have passed, and then, only once. Also, each staff member who is authorized to reply has their own area of expertise, and their own personal limits of open topics. This sometimes means that not every thread receives a reply.

We do suggest in our pre-posting topic that if there is an immediate need, to take the machine to a local technician. Patience is required for this free service.

There is nothing in the original logs to suggest an active infection. From what I see, AVG has a false positive report on that Nero file. You have Nero 7 Essentials installed.

I recall this from the last time I helped you

Quote:

After I have sorted this issue I will be uninstalling Limewire.

And yet...I still see it installed.

Please note, we also state in our pre-posting topic for members to uninstall P2P applications such as Limewire before asking for help. So, you've passed on that. Please note, future aid may not be forthcoming. Part of the goal is to educate and protect, so a visit here is a one time event.

Uninstall Limewire now, and create a new set of logs after you've done that.

[weepigeonface]

DDS (Ver_09-05-14.01) - NTFSx86
Run by Laura at 20:40:22.29 on 10/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1014.243 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Laura\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe 20090522
uRun: [eyeBeam SIP Client]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [recinfo545] c:\recinfo\RecInfo.exe
mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
mRun: [Wbutton] c:\program files\launch manager\WButton.exe
mRun: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.NET.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {0000FC0C-9488-4C27-93E2-DAC459915C4F} = 158.152.1.58,158.152.1.43
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\usoc8jta.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-19 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-19 108552]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-4-14 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-19 298776]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-19 40160]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-4-14 131616]

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-06-09 22:47 <DIR> --dsh--- C:\found.000
2009-06-09 20:21 178,940,936 a------- c:\windows\MEMORY.DMP
2009-06-08 20:13 <DIR> --d----- c:\program files\iPod
2009-06-08 20:13 <DIR> --d----- c:\program files\iTunes
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 23:19 <DIR> --d----- c:\program files\VideoLAN
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-24 23:13 <DIR> --d----- C:\ConvertTemp
2009-05-22 21:16 <DIR> --d----- c:\users\laura\appdata\roaming\Samsung
2009-05-22 21:09 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-05-22 21:05 106,792 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-05-22 21:05 11,944 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdcm.sys
2009-05-22 21:05 80,552 a------- c:\windows\system32\drivers\sscdbus.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdwh.sys
2009-05-22 21:03 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-05-22 21:03 766 a------- c:\windows\system32\Uninstall.ico
2009-05-22 21:00 40 a------- c:\windows\BO5130.INI

==================== Find3M ====================

2009-06-08 20:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 20:07 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 20:07 51,200 a------- c:\windows\inf\infpub.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 17:07 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-01 17:07 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 17:07 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-01-30 20:24 262,144 a------- c:\progra~2\ntuser.dat
2008-12-03 23:14 174 a--sh--- c:\program files\desktop.ini
2008-12-03 23:03 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-14 23:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-14 23:52 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-14 23:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:44:05.70 ===============

[weepigeonface]

I haved had to come to another computer as I cannot get my laptop to stay on long enough. Firstly let me apologise for being an impatient little madam and secondly to ensure you that I did uninstall Limewire after our last "meeting" however my boyfriend did install again. I take full responsibility for my laptop though. So again sorry. I have uninstalled limewire. After running dds several times I can only get the first log before my system goes to a blue screen memory dump. That is posted above. I cannot get GMER to run without my system crashing. I know that my C drive is fit to burst and have tried to delete/move stuff but I'm having some trouble because of the crashing. Any help would be greatly appreciated.

Waiting patiently (like a good girl) !
Laura

[tetonbob]

The overfull C drive is part of the problem. The crashes, from what I see, are not malware related.

Try uninstalling some unused, unnecessary or easily replaced applications to regain some disk space. Also try moving data such as pictures and videos. If need be, delete some if you know they are replaceable. Use Shift + Del to bypass Recycle Bin if you do delete anything.

C: is FIXED (NTFS) - 67 GiB total, 1.525 GiB free.

You need a minimum of 10 GB free space on the OS drive.

Use Safe Mode if necessary.

Once you've done that, try again to run the tools.

[weepigeonface]

I get a couple of minutes before I crash in normal or safe mode. I've managed to free up another couple of GiB but when I try to uninstall anything larger (open office or safari for instance) I crash part of the way through. I have copied my itunes to my D drive and am ready to delete them from my C drive however when I delete a single song from the C drive and then try to play the song in itunes it can't find the location. Do I just change the location in the advanced settings. I am wary about deleting from C drive until I am sure I can still access the files via the D drive. Deleting this will clear up about 10 GiB but I'm not sure how to go about this. Can you advise best way to do this or point me in the direction of someone who can help.

Your humble servant
Laura

[tetonbob]

I don't use iTunes, but see if this helps. I've never tried this.

http://lifehacker.com/238296/ultrane...external-drive

To point iTunes to the new location, hold down the Shift key (Option on the Mac) when you launch iTunes. When it asks what library to use, click the "Choose Library..." button and browse to the iTunes Library.itl file on the external drive (or in your case, the D drive).

From there, iTunes will use the new library location and you can delete your old library folder and free up all that space on your hard drive it hogged up.

I suspect you have OS corruption going on with all the crashes. Once you clear up some free space, we'll try to see what's going on. We may end up sending you over to the Windows Vista section of the forums.

[weepigeonface]

I have cleared up about 12 GiB and will continue to clear out anything that is no longer needed. Thanks for the link about moving itunes. Made life a lot easier. Things seem to be running a lot healthier. Here are the new logs.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Laura at 2:27:08.16 on 11/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1014.289 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Laura\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe 20090522
uRun: [eyeBeam SIP Client]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [recinfo545] c:\recinfo\RecInfo.exe
mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
mRun: [Wbutton] c:\program files\launch manager\WButton.exe
mRun: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.NET.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {0000FC0C-9488-4C27-93E2-DAC459915C4F} = 158.152.1.58,158.152.1.43
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\usoc8jta.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-19 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-19 108552]

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-06-10 22:42 <DIR> --d----- c:\programdata\WindowsSearch
2009-06-10 21:29 <DIR> --dsh--- C:\found.000
2009-06-10 21:15 184,765,448 a------- c:\windows\MEMORY.DMP
2009-06-08 20:13 <DIR> --d----- c:\program files\iPod
2009-06-08 20:13 <DIR> --d----- c:\program files\iTunes
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 23:19 <DIR> --d----- c:\program files\VideoLAN
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-24 23:13 <DIR> --d----- C:\ConvertTemp
2009-05-22 21:16 <DIR> --d----- c:\users\laura\appdata\roaming\Samsung
2009-05-22 21:09 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-05-22 21:05 106,792 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-05-22 21:05 11,944 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdcm.sys
2009-05-22 21:05 80,552 a------- c:\windows\system32\drivers\sscdbus.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-05-22 21:05 9,256 a------- c:\windows\system32\drivers\sscdwh.sys
2009-05-22 21:03 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-05-22 21:03 766 a------- c:\windows\system32\Uninstall.ico
2009-05-22 21:00 40 a------- c:\windows\BO5130.INI

==================== Find3M ====================

2009-06-08 20:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 20:07 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 20:07 51,200 a------- c:\windows\inf\infpub.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 17:07 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-01 17:07 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 17:07 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-01-30 20:24 262,144 a------- c:\progra~2\ntuser.dat
2008-12-03 23:14 174 a--sh--- c:\program files\desktop.ini
2008-12-03 23:03 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-14 23:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-14 23:52 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-14 23:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 2:30:22.48 ===============

[tetonbob]

That looks a lot better. Regular maintenance such as clearing of temp files and performing a defrag would likely be in order.

I'm still not seeing any malware in those logs, which is good.

I see you have Malwarebytes' AntiMalware installed. Since you do, let's use it to run a quick scan.

Please update it's definitions, and run a new Quick Scan.

• Launch Malwarebytes' Antimalware (Vista users, right click and run as administrator)
• On the updates tab, click on Check for Updates
• If an update is found, it will begin. Once the update is complete..
• Click on the Scanner tab. Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

[weepigeonface]

Malwarebytes' Anti-Malware 1.37
Database version: 2260
Windows 6.0.6001 Service Pack 1

11/06/2009 03:46:02
mbam-log-2009-06-11 (03-46-02).txt

Scan type: Quick Scan
Objects scanned: 81728
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[tetonbob]

Looks good to me. Use the machine as normal, and let me know if there are issues still.

Since I don't think there was malware involved in these issues to begin with, I don't think a lengthy online scan is necessary.

If, after normal maintenance, you continue to experience system crashes, please post in the Windows Vista section of the forums.

[weepigeonface]

Thanks again for all your help and let me again apologise for my impatience. I guess I'm just a spoiled little girl who is used to getting what she wants when she wants it and it turns out that the whole world does not revolve around me. I have shut down and rebooted and seem to be having no issues at the moment. If anything arises I will indeed contact your colleagues in the vista forum.

It's a shame you're not British. . . . . . . . . . . I would have written to the Queen and suggested you for a Knighthood (Although the chances of her taking my advice might have been slim). Sir Tetonbob I salute you!

Laura

[tetonbob]

Hi Laura -

I'm glad to hear the machine is performing better again. Thanks for the kind words.

I understand the frustration when a computer is not behaving well. I think you have a better understanding of how things work at all online help forums now. We are all volunteers, and try our best to get to all topics, but there are simply more folks in need of help than there are trained helpers.
You have my prevention closing remarks in your previous thread. Please review them once again.

Surf Safely!

Since this issue appears to be resolved, this topic will be archived.