Laptop running slow

This is a discussion on Laptop running slow within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 02-22-2010, 02:00 AM   #1
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



Hi

My laptop is running very slow, sometimes it takes 2/3 minutes to log on from the log on prompt (seemingly starting up numerous programmes in the background), also problems with IE, sub menus on favourites sometimes do not open on their own and more worryingly the view/text changes size on its own.

I have done the first steps as requested. I had problems running GMER (twice stopped working and twice laptop crashed). I do not have access to an install disc or boot CD. Any help much appreciated.

DDS log


DDS (Ver_09-12-01.01) - NTFSx86
Run by Martyn & Linda at 18:00:41.38 on 21/02/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.893.164 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SpywareBot *disabled* (Updated) {BE6BB97C-93A3-4C2E-8CEC-55CA0E6B6229}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\brss01a.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Martyn & Linda\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pbttbc.bt
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-27 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-28 108552]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-1-7 402432]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-12-20 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-12-20 345832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-27 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-27 297752]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2009-6-10 335872]
S2 gupdate1c9b94f93379931;Google Update Service (gupdate1c9b94f93379931);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-1 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-7-20 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-4-3 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-4-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-4-3 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-4-3 115368]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-4-3 111784]

=============== Created Last 30 ================

2010-02-21 11:44:50 0 d-----w- c:\users\martyn~1\appdata\roaming\Uniblue

==================== Find3M ====================

2010-02-01 17:14:53 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-01 17:14:53 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-14 11:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 14:24:00 402432 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-01-02 13:22:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-02 13:21:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-02 12:49:28 143360 ----a-w- c:\windows\inf\infstor.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-30 11:43:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-29 22:22:22 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-11-24 22:33:55 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-16 11:58:22 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-11-16 11:58:22 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-11-16 11:58:22 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:03:32.56 ===============
Attached Files
File Type: zip ark.zip (2.4 KB, 22 views)
blondie38 is offline  
Old 02-25-2010, 01:10 PM   #2
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



BUMP please
blondie38 is offline  
Old 03-01-2010, 06:57 AM   #3
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



Any help out there?
blondie38 is offline  
Old 03-01-2010, 10:33 PM   #4
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello blondie38,

I'm not seeing any malware in the logs. When did you last use Uniblue and do the problems seem to have started around that time?

Let's see if an online scan reveals anything for us. Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-02-2010, 01:30 PM   #5
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



Thanks for the reply

Uniblue downloaded and used within the last month, I downloaded it but thought better about using it when it asked me to delete any existing anti virus software, I then deleted it using the add/remove program. The problems started before this.

Kaspersky scan log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 2, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 02, 2010 10:09:26
Records in database: 3684382
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 114716
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 05:33:52


File name / Threat / Threats count
C:\Users\Martyn & Linda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\345b85c8-42490611 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Martyn & Linda\Desktop\Shared\Queen - 06 Tie your Mother down.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

Selected area has been scanned.
blondie38 is offline  
Old 03-02-2010, 10:43 PM   #6
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. :)

Based on the Kaspersky results for that mp3 file, I'd like for you to run ComboFix. Download the tool from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried is offline  
Old 03-03-2010, 06:58 AM   #7
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



ComboFix 07-12-16.4 - Martyn & Linda 2007-12-16 21:10:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.351 [GMT 0:00]
Running from: C:\Users\Martyn & Linda\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Privacy Policy.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\Terms and conditions.url
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
c:\Users\Martyn & Linda\AppData\Local\yuuvlnqgl.dat
C:\Users\Martyn & Linda\AppData\Local\yuuvlnqgl.exe
c:\Users\Martyn & Linda\AppData\Local\yuuvlnqgl_nav.dat
c:\Users\Martyn & Linda\AppData\Local\yuuvlnqgl_navps.dat
C:\Users\Martyn & Linda\AppData\Local\yuuvlnqgl_navup.dat
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.

2007-12-12 17:15 . 2007-12-12 17:15 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 17:15 . 2007-12-12 17:15 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-12 17:15 . 2007-12-12 17:15 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-12 17:15 . 2007-12-12 17:15 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-12 17:13 . 2007-12-12 17:13 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-12 17:13 . 2007-12-12 17:13 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-12 17:13 . 2007-12-12 17:13 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-12 17:13 . 2007-12-12 17:13 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-12 17:10 . 2007-12-12 17:10 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 17:10 . 2007-12-12 17:10 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 17:10 . 2007-12-12 17:10 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-12 16:31 . 2007-12-12 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Videos
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Searches
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Saved Games
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Pictures
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Music
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Links
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Downloads
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Documents
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> dr------- C:\Users\x\Contacts
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> d-------- C:\Users\x\AppData\Roaming\PC Suite
2007-12-12 14:14 . 2006-11-02 12:37 <DIR> d-------- C:\Users\x\AppData\Roaming\Media Center Programs
2007-12-12 14:14 . 2007-12-12 14:14 <DIR> d--h----- C:\Users\x\AppData
2007-12-09 20:00 . 2007-12-16 20:59 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-09 19:36 . <DIR> C:\Users\Martyn 2007-12-09 19:36 <DIR> Linda\AppData\Roaming\SpywareBot
2007-12-04 15:32 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Searches
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Videos
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Saved Games
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Pictures
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Music
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Links
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Downloads
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> dr------- C:\Users\e\Documents
2007-12-04 15:31 . 2007-12-04 15:31 <DIR> dr------- C:\Users\e\Contacts
2007-12-04 15:31 . 2007-12-04 15:31 <DIR> d-------- C:\Users\e\AppData\Roaming\PC Suite
2007-12-04 15:31 . 2006-11-02 12:37 <DIR> d-------- C:\Users\e\AppData\Roaming\Media Center Programs
2007-12-04 15:31 . 2007-12-04 15:32 <DIR> d--h----- C:\Users\e\AppData
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf
2007-11-25 15:24 . <DIR> C:\Users\Martyn 2007-11-25 15:24 <DIR> Linda\AppData\Roaming\Real
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Real
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-22 19:38 . <DIR> C:\Users\Martyn 2007-11-22 19:38 <DIR> Linda\AppData\Roaming\Sony
2007-11-22 19:38 . 2007-11-22 19:38 <DIR> d-------- C:\ProgramData\Sony
2007-11-22 19:28 . 2007-11-22 19:28 <DIR> d-------- C:\ProgramData\Apple Computer
2007-11-22 19:28 . 2007-11-22 19:29 <DIR> d-------- C:\Program Files\QuickTime
2007-11-22 19:27 . 2007-11-22 19:27 <DIR> d-------- C:\ProgramData\Apple
2007-11-22 19:27 . 2007-11-22 19:27 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-22 19:19 . 2007-11-22 19:19 <DIR> d-------- C:\ProgramData\BVRP Software
2007-11-22 19:19 . 2007-11-24 09:32 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-22 19:16 . 2007-11-22 19:16 <DIR> d-------- C:\ProgramData\Sony Ericsson
2007-11-22 19:16 . 2007-11-22 19:33 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-11-22 19:15 . <DIR> C:\Users\Martyn 2007-11-22 19:15 <DIR> Linda\AppData\Roaming\InstallShield
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Videos
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Searches
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Saved Games
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Pictures
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Music
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Links
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Downloads
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Documents
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> dr------- C:\Users\y\Contacts
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> d-------- C:\Users\y\AppData\Roaming\PC Suite
2007-11-20 08:06 . 2006-11-02 12:37 <DIR> d-------- C:\Users\y\AppData\Roaming\Media Center Programs
2007-11-20 08:06 . 2007-11-20 08:06 <DIR> d--h----- C:\Users\y\AppData
2007-11-19 21:38 . 2007-11-19 21:38 1,244,672 --a------ C:\Windows\System32\mcmde.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 17:55 --------- d-----w C:\Program Files\BGroom
2007-12-12 17:14 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 17:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 17:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-11 06:48 --------- d-----w C:\ProgramData\Symantec
2007-12-09 19:36 --------- d-----w C:\Users\Martyn & Linda\AppData\Roaming\SpywareBot
2007-12-08 08:36 --------- d-----w C:\Users\Martyn & Linda\AppData\Roaming\LimeWire
2007-12-05 07:11 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-05 07:11 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-05 07:11 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-12-05 07:11 --------- d-----w C:\Program Files\Symantec
2007-11-22 19:38 --------- d-----w C:\Users\Martyn & Linda\AppData\Roaming\Sony
2007-11-22 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 19:15 --------- d-----w C:\Users\Martyn & Linda\AppData\Roaming\InstallShield
2007-11-14 17:51 --------- d-----r C:\Users\Martyn & Linda\AppData\Roaming\Brother
2007-11-14 07:29 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 07:29 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 07:29 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 07:29 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 07:29 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 07:29 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 07:29 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 07:29 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-14 07:29 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 07:29 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 07:29 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 07:29 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 07:29 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 07:29 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 07:27 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 07:27 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 07:27 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-14 07:27 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-14 07:27 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-14 07:27 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-14 07:27 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-14 07:27 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-14 07:27 --------- d-----w C:\Program Files\Windows Mail
2007-11-11 15:04 --------- d-----w C:\Users\Martyn & Linda\AppData\Roaming\TVU Networks
2007-11-11 14:35 --------- d-----w C:\Program Files\TVUPlayer
2007-11-11 14:14 --------- d-----w C:\Users\Martyn & Linda\AppData\Roaming\SopCast
2007-11-11 14:14 --------- d-----w C:\Program Files\SopCast
2007-10-28 17:08 --------- d-----w C:\Program Files\Java
2007-10-11 05:59 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-11 05:59 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-11 05:59 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-11 05:59 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 05:54 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 05:54 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-11 05:54 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-08-29 13:24 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-09-26 15:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-19 19:41]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 09:07 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 21:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-25 15:24]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071212.001\IDSvix86.sys
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe -k LocalService
S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe
S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService
S3 QWAVEdrv;QWAVE driver;C:\Windows\system32\drivers\qwavedrv.sys
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys
S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\Windows\system32\DRIVERS\s117bus.sys
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s117mdfl.sys
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s117mdm.sys
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s117mgmt.sys
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\Windows\system32\DRIVERS\s117nd5.sys
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s117obex.sys
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\Windows\system32\DRIVERS\s117unic.sys
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe -k LocalService
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys
S4 arc;arc;C:\Windows\system32\drivers\arc.sys
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalService
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contents of the 'Scheduled Tasks' folder
"2007-12-09 20:30:34 C:\Windows\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2007-12-16 20:30:58 C:\Windows\Tasks\User_Feed_Synchronization-{F86FD1CA-6F44-4672-902B-5FE4BA8888E9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-12-16 21:14:58
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-16 21:16:25
.
2007-12-14 10:05:44 --- E O F ---
blondie38 is offline  
Old 03-03-2010, 05:22 PM   #8
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Did you download and run Combofix as I instructed? This log is from 2007.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-04-2010, 02:22 PM   #9

Sorry, I am having a lot of problems running Combofix. I thought the 2007 text log was one I had managed to get done this time. I get the same problems downloading from both links, details of problems below.

Download of combofix to desktop works ok.

When I start to run combofix it tells me I have the following scanners enabled:
  • Antivirus AVG anti virus free
  • Antispyware AVG anti virus free
  • Antispyware spybot search and destroy
I cannot understand this as I have disabled AVG and I can find no reference on my laptop to spybot search and destroy.

I ran combofix regardless as I was confident they were not running. Combofix then tells me my machine does not have “Microsoft windows recovery” installed and then attempts to download it; during this process the message “boot partition cannot be enumerated correctly” appears.

The scan then starts, gets to stage 2 and the message “PEV.cfxxe has stopped working” appears and windows looks for a solution. It cannot find one, I cancel this and the scan continues.

Combofix then completes to stage 50, deletes 6 files and 7 folders, finds 2 infected files and attempts to restore these, then attempts to reboot, warning that it must do this on its own and must not be done manually.

During the reboot a “Techguys recovery v2.00 hdd.en” screen appears with the following 4 options:
  • Start Microsoft windows repair environment
  • Reinstall windows
  • Advanced options
  • Exit and restart windows
I dare not use options 2 & 3; option 4 just brings you back to the recovery screen. When using the repair option and the PC restarts, the combofix application on the desktop has been replaced by a “catchme” text document (contents below) and there is no combofix text file on the C drive.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-03-04 19:05:44
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden services & system hive ...
blondie38 is offline  
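
The two catchme logs posted so far fail for different reasons: the first is dated 2007 (Ried's point in post #8) and the one in post #9 stops partway through with no completion line. The following Python is an added example, not part of the thread or of ComboFix/catchme; the function name `triage_catchme_log`, the two-day tolerance and the trimmed sample logs are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed samples: lines copied from the two catchme logs in this thread.
# The "detected NTDLL code modification" section is left out because the
# check below does not read it.
LOG_DATED_2007 = """\
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-12-16 21:14:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
"""

LOG_DATED_2010 = """\
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-03-04 19:05:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...
"""

SCAN_RE = re.compile(
    r"^Rootkit scan (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})[ \t]*$", re.M)
PHASE_RE = re.compile(r"^scanning (.+?) \.\.\.[ \t]*$", re.M)
DONE_RE = re.compile(r"^scan completed successfully[ \t]*$", re.M)


def triage_catchme_log(text, posted_at, tolerance=timedelta(days=2)):
    """Decide whether a pasted catchme log is worth analysing.

    posted_at is the forum timestamp of the post. The tolerance (an assumed
    value) absorbs the gap between the forum's clock and the user's clock.
    """
    result = {"usable": False, "scanned_at": None, "phases": [], "problems": []}
    text = text.replace("\r\n", "\n")

    if not text.lstrip().startswith("catchme "):
        result["problems"].append("not a catchme log")
        return result
    scan = SCAN_RE.search(text)
    if scan is None:
        result["problems"].append("no 'Rootkit scan' timestamp")
        return result

    result["scanned_at"] = datetime.strptime(scan.group(1), "%Y-%m-%d %H:%M:%S")
    result["phases"] = PHASE_RE.findall(text)

    # A log from an old run says nothing about the machine's current state.
    age = posted_at - result["scanned_at"]
    if age > tolerance:
        result["problems"].append(
            f"stale: scan ran {age.days} days before the post")
    elif age < -tolerance:
        result["problems"].append("clock: scan is dated after the post")

    # Without the completion line the scan was interrupted, so the absence
    # of findings in the log proves nothing.
    if DONE_RE.search(text) is None:
        where = result["phases"][-1] if result["phases"] else "start-up"
        result["problems"].append(
            f"incomplete: log ends while scanning {where}")

    result["usable"] = not result["problems"]
    return result


if __name__ == "__main__":
    # Post times taken from the thread headers of posts #8 and #9.
    for log, posted in ((LOG_DATED_2007, datetime(2010, 3, 3, 17, 22)),
                        (LOG_DATED_2010, datetime(2010, 3, 4, 14, 22))):
        verdict = triage_catchme_log(log, posted)
        print(verdict["scanned_at"], verdict["problems"] or "ok")
```
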
Old 03-04-2010, 09:44 PM   #10

Quote:
I cancel this and the scan continues.
Combofix then completes to stage 50, deletes 6 files and 7 folders, finds 2 infected files and attempts to restore these, attempts to reboot warning that it must do this on its own and must not be done manually.

On your keyboard, press the Windows Logo key and the letter R to open the Run box. Copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should pop open for you. Please post the contents in your next reply.
Ried is offline  
Old 03-05-2010, 01:25 PM   #11

Done the above and I get a box saying windows cannot find "C:\Qoobox\ComboFix-quarantined-files.txt"
blondie38 is offline  
Old 03-05-2010, 10:21 PM   #12

Was this machine a Vista upgrade from XP OS?

Is there a C:\Qoobox folder? If so, please list out what is in it.

Quote:
When I start to run combofix it tells me I have the following scanners enabled
  • Antivirus AVG anti virus free
  • Antispyware AVG anti virus free
  • Antispyware spybot search and destroy
I cannot understand this as I have disabled AVG and I can find no reference on my laptop to spybot search and destroy

From your first post...

Quote:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Martyn & Linda at 18:00:41.38 on 21/02/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.893.164 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SpywareBot *disabled* (Updated) {BE6BB97C-93A3-4C2E-8CEC-55CA0E6B6229}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

I do not see Spybot in your list of installed programs in the Attach.txt. Did you uninstall it at some point?

Same goes for Spywarebot (which is not a recommended program). It's in the header of the log, but not in the installed list. Was this uninstalled at some point as well?

I do see Norton360 in the list, but not running. What happened there? Is it still installed?
Ried is offline  
Old 03-07-2010, 01:42 PM   #13

Not an upgrade from XP, machine was bought new with vista pre-installed.

No C:\Qoobox folder present.

Spybot used at one time, now uninstalled.

No knowledge of spywarebot

Had norton 360 installed at one point, uninstalled more than 2 years ago
blondie38 is offline  
Old 03-07-2010, 07:30 PM   #14

Odd indeed.

Let's try Combofix again and double check that you are disabling AVG as such:

Open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.
  • Click on Open AVG Interface.
  • Double click on Resident Shield
  • Deselect the option to "Enable Resident Shield."
  • Save changes, and exit the application.

Post the ComboFix.txt when completed.
Ried is offline  
Old 03-08-2010, 03:59 AM   #15

Disabled AVG resident shield as requested, ran combofix, almost the exact same thing happened as in post 9 of this thread, apart from this time it deleted 8 files and the catchme text was different.

Still no C:\Qoobox folder present.

Catchme text that replaced the combofix programme below.

driver loading error
blondie38 is offline  
Old 03-08-2010, 05:24 AM   #16

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

========================

Download rsit.exe and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt
Ried is offline  
Old 03-08-2010, 07:47 AM   #17

No reboot required for Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.44
Database version: 3836
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

08/03/2010 14:37:28
mbam-log-2010-03-08 (14-37-28).txt

Scan type: Quick Scan
Objects scanned: 109961
Time elapsed: 14 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Martyn & Linda at 2010-03-08 14:39:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 30 GB (42%) free of 71 GB
Total RAM: 893 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:43, on 08/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Martyn & Linda\Desktop\RSIT.exe
C:\Program Files\trend micro\Martyn & Linda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - https://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b94f93379931) (gupdate1c9b94f93379931) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8260 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{F86FD1CA-6F44-4672-902B-5FE4BA8888E9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-16 2043160]
"btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2009-09-14 1584640]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-25 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-08 14:39:11 ----D---- C:\rsit
2010-03-08 14:19:46 ----D---- C:\Users\Martyn & Linda\AppData\Roaming\Malwarebytes
2010-03-08 14:19:36 ----D---- C:\ProgramData\Malwarebytes
2010-03-08 14:19:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-08 10:25:03 ----D---- C:\Windows\temp
2010-03-08 10:08:28 ----SD---- C:\ComboFix(1)
2010-03-05 22:00:59 ----SD---- C:\ComboFix(0)
2010-03-04 20:46:28 ----SD---- C:\ComboFix
2010-02-27 09:41:00 ----D---- C:\Program Files\Safari
2010-02-27 09:36:46 ----D---- C:\Program Files\iPod
2010-02-27 09:30:33 ----D---- C:\Program Files\Bonjour
2010-02-26 08:38:15 ----A---- C:\ProgramData\hpe7391.dll
2010-02-25 15:54:48 ----D---- C:\Program Files\Avanquest update
2010-02-24 17:47:18 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 17:47:14 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 17:47:14 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 17:47:07 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 17:47:05 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 17:46:45 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 17:46:42 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 17:46:41 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 17:46:41 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 17:46:36 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 17:46:36 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 17:46:36 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 17:46:30 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 17:42:30 ----A---- C:\Windows\system32\tzres.dll
2010-02-21 11:44:50 ----D---- C:\Users\Martyn & Linda\AppData\Roaming\Uniblue
2010-02-10 1850 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 1850 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 1838 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 1838 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 1838 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 1838 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 1838 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 1838 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 1837 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 1837 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 1837 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-08 18:34:34 ----D---- C:\Windows\system32\config
2010-03-08 18:34:14 ----D---- C:\Windows\System32
2010-03-08 18:34:14 ----D---- C:\Program Files\Windows Defender
2010-03-08 18:34:13 ----D---- C:\Windows\Tasks
2010-03-08 18:34:13 ----D---- C:\Windows\system32\Tasks
2010-03-08 18:34:13 ----D---- C:\Windows\system32\spool
2010-03-08 18:34:13 ----D---- C:\Windows\system32\Msdtc
2010-03-08 18:34:13 ----D---- C:\Windows\system32\CodeIntegrity
2010-03-08 18:34:13 ----D---- C:\Windows\system32\catroot2
2010-03-08 18:34:13 ----D---- C:\Windows\inf
2010-03-08 18:34:13 ----D---- C:\Windows
2010-03-08 18:33:58 ----D---- C:\Windows\erdnt
2010-03-08 18:33:57 ----D---- C:\qoobox
2010-03-08 18:33:56 ----D---- C:\Windows\system32\wbem
2010-03-08 18:33:56 ----D---- C:\Windows\registration
2010-03-08 14:39:43 ----D---- C:\Program Files\Trend Micro
2010-03-08 14:39:27 ----D---- C:\Windows\Prefetch
2010-03-08 14:19:38 ----D---- C:\Windows\system32\drivers
2010-03-08 14:19:36 ----RD---- C:\Program Files
2010-03-08 14:19:36 ----HD---- C:\ProgramData
2010-03-08 10:55:55 ----SHD---- C:\System Volume Information
2010-03-08 10:26:08 ----SHD---- C:\Boot
2010-03-08 10:23:03 ----SHD---- C:\$Recycle.Bin
2010-03-08 10:17:19 ----D---- C:\Windows\AppPatch
2010-03-08 10:17:18 ----D---- C:\Program Files\Common Files
2010-03-06 11:49:33 ----SHD---- C:\Windows\Installer
2010-03-04 20:39:11 ----SD---- C:\Users\Martyn & Linda\AppData\Roaming\Microsoft
2010-03-04 20:38:59 ----D---- C:\ProgramData\avg8
2010-03-04 20:38:54 ----RD---- C:\Users
2010-03-01 16:07:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-27 20:34:50 ----D---- C:\Users\Martyn & Linda\AppData\Roaming\LimeWire
2010-02-27 20:23:26 ----D---- C:\Program Files\LimeWire
2010-02-27 09:37:57 ----D---- C:\Program Files\iTunes
2010-02-27 09:36:44 ----D---- C:\Program Files\Common Files\Apple
2010-02-26 08:39:37 ----D---- C:\Windows\system32\catroot
2010-02-26 08:37:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 08:37:45 ----D---- C:\Program Files\Sony Ericsson
2010-02-25 07:56:19 ----D---- C:\Windows\rescache
2010-02-24 21:58:10 ----D---- C:\Windows\winsxs
2010-02-24 21:57:57 ----D---- C:\Windows\system32\en-US
2010-02-24 17:11:08 ----RSD---- C:\Windows\Fonts
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-21 19:14:45 ----D---- C:\Windows\Minidump
2010-02-21 11:39:25 ----D---- C:\Users\Martyn & Linda\AppData\Roaming\MP3Rocket
2010-02-21 11:25:40 ----D---- C:\Program Files\Java
2010-02-21 10:26:01 ----SD---- C:\Windows\Downloaded Program Files
2010-02-20 10:02:08 ----D---- C:\ProgramData\AVG Security Toolbar
2010-02-14 11:09:25 ----HD---- C:\$AVG8.VAULT$
2010-02-10 22:32:59 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-09-01 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-09-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-21 108552]
R1 RapportBuka;RapportBuka; \??\C:\Windows\system32\drivers\RapportBuka.sys [2010-01-07 402432]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [2010-03-04 58984]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-03-04 108904]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-25 2387456]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2009-06-10 335872]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-10 50688]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 catchme;catchme; \??\C:\Users\M [2010-03-04 262144]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-07-20 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-07-20 25512]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2009-12-07 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2009-12-07 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-25 561152]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-01 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-01 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\Windows\system32\brsvc01a.exe [2002-04-11 57344]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-08-24 319488]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-03-04 779496]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9b94f93379931;Google Update Service (gupdate1c9b94f93379931); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-09 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-08 14:39:50

======Uninstall list======

-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BT Broadband Desktop Help-->C:\Program Files\BT Broadband Desktop Help\btbb\unBTBDH.exe
BT Wireless Connection Manager-->C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub2.0
Canon MP140 series User Registration-->C:\Program Files\Canon\IJEREG\MP140 series\UNINST.EXE
Canon MP140 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 5.4.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Money Personal & Business-->C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{6869591A-7DD8-46D2-837F-57CBF7358955}
Nokia PC Suite-->C:\ProgramData\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PC Connectivity Solution-->MsiExec.exe /I{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\ProgramData\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Safari-->MsiExec.exe /I{46A5D1D1-8956-497C-92FB-59C44EFA6214}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sony Ericsson Media Manager 1.0-->MsiExec.exe /X{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}
Sony Ericsson PC Suite 6.009.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_3a2e1afb\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_d5bc047a\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->%ProgramFiles%\Windows Live Safety Center\wlschost.exe -Uninstall
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Spybot - Search and Destroy
AS: Windows Defender

======System event log======

Computer Name: Us2
Event Code: 7000
Message: The Security Center service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
Record Number: 311638
Source Name: Service Control Manager
Time Written: 20091119074122.000000-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 311545
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091119073909.614253-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 311536
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091118220729.028375-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Us2
Event Code: 10010
Message: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Record Number: 311522
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20091118220703.000000-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 7000
Message: The Security Center service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
Record Number: 311511
Source Name: Service Control Manager
Time Written: 20091118161535.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Us2
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 37368
Source Name: Microsoft-Windows-EventSystem
Time Written: 20080730063044.000000-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 1000
Message: Faulting application brsvc01a.exe, version 1.0.0.3, time stamp 0x3cb65dc7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x6e4, application start time 0x01c8f13edbb78344.
Record Number: 37310
Source Name: Application Error
Time Written: 20080729062851.000000-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 37279
Source Name: Microsoft-Windows-EventSystem
Time Written: 20080729054751.000000-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16681, time stamp 0x48113d17, faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception code 0xc0000005, fault offset 0x00099a25, process id 0x17a0, application start time 0x01c8f0cc166487bc.
Record Number: 37273
Source Name: Application Error
Time Written: 20080728160908.000000-000
Event Type: Error
User:

Computer Name: Us2
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 37197
Source Name: Microsoft-Windows-EventSystem
Time Written: 20080727214335.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Us2
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: US2$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x290
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 101982
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630090130.031023-000
Event Type: Audit Success
User:

Computer Name: Us2
Event Code: 5024
Message: The Windows Firewall Service has started successfully.
Record Number: 101981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630090128.035057-000
Event Type: Audit Success
User:

Computer Name: Us2
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1dfbe
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 101980
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630090126.982390-000
Event Type: Audit Success
User:

Computer Name: Us2
Event Code: 5033
Message: The Windows Firewall Driver has started successfully.
Record Number: 101979
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630090125.718750-000
Event Type: Audit Success
User:

Computer Name: Us2
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 101978
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630090125.421875-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
blondie38 is offline  
Old 03-13-2010, 06:32 AM   #18
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



Have you had a chance to look at the above log? Things still running slow. TIA
blondie38 is offline  
Old 03-13-2010, 11:05 AM   #19
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks for bumping - I did lose track of you, my apologies.

Quote:
Still no C:\Qoobox folder present.
Would you mind looking again? According to the above log, it is there.

2010-03-08 18:33:57 ----D---- C:\qoobox

If you find it, please report back what you see inside it.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-13-2010, 03:26 PM   #20
Registered Member
 
Join Date: Mar 2008
Posts: 33
OS: window vista / xp



Found it, screenshot attached
Attachment: qoobox.jpg (121.1 KB)
blondie38 is offline  
 
