Author Topic: Computer Freezes, Won't Run Programs on restart (Read 819 times)

Slovo · « **on:** January 26, 2009, 10:41:55 AM »

Good morning.

For the past few months my computer has had an issue where it will suddenly either refuse to run any new programs or just freeze up altogether. I have to manually restart the computer, and when I do, the same issues will arise right from the start. Usually I have to restart 3 or 4 times manually before the computer will run properly.

There is no predictable way to see when or why the issue keeps happening, and I don't want to restore my computer back to factory settings.

Below is my log, any help will be appreciated. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:23 AM, on 1/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] "C:\Windows\system32\rundll32.exe" C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] "C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8620 bytes

guestolo · « **Reply #1 on:** January 27, 2009, 05:55:30 PM »

It doesn't appear to be anything malicious
But why not try the following
Download [color=\"#FF0000\"]> ATF Cleaner <[/color] by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log from MBAM

Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< and save it to your desktop.

Double click on RSIT.exe to launch program.
Click Continue at the disclaimer screen.
Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].

Post both those logs please
NOTE: You may get an error message posting back log.txt
If you do, can you upload it, if you need instructions to upload, let me know

Slovo · « **Reply #2 on:** January 28, 2009, 12:21:27 AM »

First off, thank you so much for getting back to me, much appreciated. I ran all the instructions, but when I restarted after running MBAM, I still found myself having to restart windows 3 times before I can get it to open any programs, even task manager.

Here are the logs I received from all those programs. I broke it up into separate posts:

mbam-log
Malwarebytes' Anti-Malware 1.33
Database version: 1701
Windows 6.0.6001 Service Pack 1

1/27/2009 11:49:34 PM
mbam-log-2009-01-27 (23-49-34).txt

Scan type: Quick Scan
Objects scanned: 51902
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Slovo · « **Reply #3 on:** January 28, 2009, 12:22:38 AM »

log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-28 00:15:37
MicrosoftÂ® Windows Vistaâ„¢ Home Premium Service Pack 1
System drive C: has 53 GB (16%) free of 334 GB
Total RAM: 3070 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:00 AM, on 1/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] "C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8271 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{DE39FACE-31B0-4768-BFAD-D98EB0F0A54C}.job
C:\Windows\tasks\wrSpySweeper_L9245EF0A12EC4980B1F11C42D9EF3ABB.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-10-10 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-10 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-10 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-10 88608]
""= []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-11 185896]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
"D-Link AirPlus Xtreme G"=C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe [2003-09-19 2498560]
"ANIWZCSService"=C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe [2003-08-21 32768]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-08 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
C:\Windows\SMINST\launcher.exe [2007-11-15 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MRI_DISABLED

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5534e9f4-148a-11dd-a8b7-001e902007b4}]
shell\AutoRun\command - semo2x.exe
shell\explore\command - semo2x.exe
shell\open\command - semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc0708d-1f03-11dd-aaf9-001e902007b4}]
shell\AutoRun\command - K:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f783857c-8ced-11dd-8bf1-001e902007b4}]
shell\AutoRun\command - N:\LaunchU3.exe

======List of files/folders created in the last 1 months======

2009-01-28 00:15:37 ----D---- C:\rsit
2009-01-27 23:42:10 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2009-01-27 23:41:57 ----D---- C:\ProgramData\Malwarebytes
2009-01-27 23:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-26 10:27:53 ----D---- C:\Program Files\Trend Micro
2009-01-21 23:43:12 ----D---- C:\Program Files\Aspell
2009-01-19 21:43:06 ----D---- C:\Program Files\7-Zip
2009-01-09 16:26:19 ----D---- C:\Program Files\Ares

======List of files/folders modified in the last 1 months======

2009-01-28 00:15:51 ----D---- C:\Windows\Prefetch
2009-01-28 00:15:34 ----D---- C:\Windows\Temp
2009-01-28 00:13:06 ----D---- C:\Windows\System32
2009-01-28 00:13:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-28 00:13:05 ----D---- C:\Windows\inf
2009-01-27 23:54:29 ----D---- C:\Windows\system32\drivers
2009-01-27 23:54:29 ----D---- C:\WINDOWS
2009-01-27 23:49:33 ----RD---- C:\Program Files
2009-01-27 23:41:57 ----HD---- C:\ProgramData
2009-01-27 23:22:53 ----D---- C:\Users\Owner\AppData\Roaming\.purple
2009-01-27 16:52:28 ----D---- C:\Users\Owner\AppData\Roaming\uTorrent
2009-01-26 14:56:32 ----SHD---- C:\System Volume Information
2009-01-24 17:51:58 ----D---- C:\Users\Owner\AppData\Roaming\gtk-2.0
2009-01-22 22:22:41 ----RSD---- C:\Windows\Fonts
2009-01-21 23:56:05 ----D---- C:\Program Files\Pidgin
2009-01-21 23:41:16 ----D---- C:\Program Files\Common Files\GTK
2009-01-21 12:15:14 ----D---- C:\Windows\winsxs
2009-01-21 10:59:10 ----D---- C:\Windows\system32\catroot
2009-01-21 10:59:08 ----D---- C:\Program Files\Windows Mail
2009-01-13 22:12:34 ----D---- C:\Windows\system32\catroot2
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-07 21:55:35 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-10-10 362544]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-10-10 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090120.002\IDSvix86.sys [2008-10-10 289840]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-12-11 25136]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
R2 ANIO;ANIO Service; \??\C:\Windows\system32\ANIO.SYS [2003-05-05 28205]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2008-08-09 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 TSS_FSFILTER;Dynamic ED Controller; \??\C:\Windows\system32\DRIVERS\TSSFSFD.SYS [2006-11-30 52224]
R2 TSSFLT;TriSecurity System - Filter Driver; C:\Windows\System32\DRIVERS\tssflt.sys [2006-11-30 52224]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service; C:\Windows\system32\DRIVERS\bcmusbdhdlh.sys [2007-09-20 241656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-10 99376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090127.025\NAVENG.SYS [2008-12-09 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090127.025\NAVEX15.SYS [2008-12-09 876112]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-10 8237120]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\Windows\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-10-10 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\NAV\1002000.007\SYMNDISV.SYS [2008-12-11 40496]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\Windows\system32\DRIVERS\A3AB.sys [2003-09-09 323008]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 DynamicEDController;Dynamic ED Controller; \??\C:\Windows\system32\drivers\TSSFSFD.SYS [2006-11-30 52224]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-11 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-23 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]

-----------------EOF-----------------

Slovo · « **Reply #4 on:** January 28, 2009, 12:25:03 AM »

info.txt

info.txt logfile of random's system information tool 1.05 2009-01-28 00:16:04

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
3D Pinball from Plus! for Windows 95-->RunDll setupx.dll,InstallHinfSection Uninstall 4 pinball.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
AccessDiver v4.402-->"C:\Program Files\Accessdiver\unins000.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM MusicLink 2.2.0.0-->C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
AIM MusicLink 4.0.0.0-->C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
AirPlus Xtreme G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79B92240-9C65-4DD7-B1AD-59910D2C1353}
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}\Setup.exe"
AOL Instant Messenger-->C:\PROGRA~1\AIM\uninstll.exe -LOG= C:\PROGRA~1\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Dynex Wireless G USB Network Adapter Setup-->C:\Program Files\InstallShield Installation Information\{531D27E5-DE21-4777-9EDB-B7803087E7F3}\setup.exe -runfromtemp -l0x0009 -removeonly
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GTK+ Runtime 2.14.6 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(tm) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
Last.fm 1.5.1.30182-->"C:\Program Files\Last.fm\unins000.exe"
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.2.0.7\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pirates Buster for e-Book/Application (Decoder for Eisys)-->C:\Program Files\InstallShield Installation Information\{93C430F3-57D1-43D5-939D-86408336BEAF}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SPOREâ„¢ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

AS: Windows Defender
AS: Webroot Spy Sweeper

System event log

Computer Name: Owner-PC
Event Code: 537
Message: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started.
Record Number: 55772
Source Name: Microsoft-Windows-TBS
Time Written: 20090128051117.948866-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Owner-PC
Event Code: 7036
Message: The Application Information service entered the running state.
Record Number: 55773
Source Name: Service Control Manager
Time Written: 20090128051136.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 7036
Message: The Windows Update service entered the running state.
Record Number: 55774
Source Name: Service Control Manager
Time Written: 20090128051148.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 10029
Message: DCOM started the service TrustedInstaller with arguments "" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 55775
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090128051242.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 55776
Source Name: Service Control Manager
Time Written: 20090128051243.000000-000
Event Type: Information
User:

Application event log

Computer Name: Owner-PC
Event Code: 0
Message: Service started successfully.
Record Number: 9831
Source Name: HP Health Check Service
Time Written: 20090128051104.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 9832
Source Name: SecurityCenter
Time Written: 20090128051120.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 9833
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090128051305.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 9834
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090128051306.000000-000
Event Type: Information
User:

Computer Name: Owner-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 9835
Source Name: LightScribeService
Time Written: 20090128051602.000000-000
Event Type: Information
User:

Security event log

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17668
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128051557.499966-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17669
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128051557.540966-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17670
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128051557.590966-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17671
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128051557.650966-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17672
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128051557.702966-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0202
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

guestolo · « **Reply #5 on:** February 08, 2009, 02:28:45 PM »

Very sorry for the long delay, are you still in need of a hand?

Slovo · « **Reply #6 on:** February 16, 2009, 12:36:57 AM »

[quote name=\'guestolo\' post=\'457509\' date=\'Feb 8 2009, 02:28 PM\']Very sorry for the long delay, are you still in need of a hand?[/quote]

Yes I am actually. My computer still continues to have the same problems at random, and it is becoming very frustrating.

guestolo · « **Reply #7 on:** February 16, 2009, 08:53:42 AM »

download Flash_Disinfector and save it to your desktop

Right Click on Flash_Disinfector.exe and select Run As Administrator to run it. If you receive a prompt, please allow it.
You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in
Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Leave any/all Pendrive, external harddrive, etc.. connected

Download ComboFix from one of these locations:

[color=\"#0000FF\"]Link 1[/color]
[color=\"#0000FF\"]Link 2[/color]
[color=\"#0000FF\"]Link 3[/color]
Save it ONLY to your Desktop

--------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool[/color]

Right click on ComboFix.exe and choose to "Run as Administrator" & follow the prompts.

Click on YES to Scan for Malware

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may reboot the computer and run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Slovo · « **Reply #8 on:** February 16, 2009, 05:18:15 PM »

Thank you for your help. Here is the log from this step. As always, I will update on the status. Thank you again.

ComboFix 09-02-15.01 - Owner 2009-02-16 15:21:03.1 - NTFSx86
MicrosoftÂ® Windows Vistaâ„¢ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1290 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-16 15:04 . 2009-02-16 15:04 318,976 --a------ c:\windows\System32\cmd.execf
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Videos
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Searches
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Saved Games
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Pictures
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Music
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Links
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Downloads
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Documents
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> dr------- c:\users\Guest\Contacts
2009-01-29 23:20 . 2006-11-02 07:37 <DIR> d-------- c:\users\Guest\AppData\Roaming\Media Center Programs
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> d--h----- c:\users\Guest\AppData
2009-01-29 23:20 . 2009-01-29 23:20 <DIR> d-------- c:\users\Guest
2009-01-28 00:15 . 2009-01-28 00:16 <DIR> d-------- C:\rsit
2009-01-27 23:42 . 2009-01-27 23:42 <DIR> d-------- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-01-27 23:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-27 23:41 . 2009-01-27 23:41 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-27 23:41 . 2009-01-27 23:41 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-27 23:41 . 2009-01-27 23:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 23:41 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-26 10:27 . 2009-01-26 10:27 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 23:43 . 2009-01-21 23:55 <DIR> d-------- c:\program files\Aspell
2009-01-19 21:43 . 2009-01-19 21:43 <DIR> d-------- c:\program files\7-Zip
2009-01-17 05:10 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 20:14 --------- d-----w c:\users\Owner\AppData\Roaming\.purple
2009-02-16 19:08 --------- d-----w c:\users\Owner\AppData\Roaming\uTorrent
2009-02-16 02:31 --------- d-----w c:\users\Owner\AppData\Roaming\gtk-2.0
2009-02-16 01:20 --------- d-----w c:\programdata\WildTangent
2009-02-02 22:18 --------- d-----w c:\users\Owner\AppData\Roaming\CyberLink
2009-01-22 04:56 --------- d-----w c:\program files\Pidgin
2009-01-22 04:41 --------- d-----w c:\program files\Common Files\GTK
2009-01-21 15:59 --------- d-----w c:\program files\Windows Mail
2009-01-09 21:27 --------- d-----w c:\program files\Ares
2008-12-08 12:42 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-08-24 13:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"D-Link AirPlus Xtreme G"="c:\program files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-09-19 2498560]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 06:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 19:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 10:16 65536 c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
--a------ 2007-11-15 19:17 44168 c:\windows\SMINST\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
--a------ 2007-10-04 12:28 73728 c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-04-07 05:56 132760 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{66FF478D-B587-42F0-A9A9-9DA050E4B7C6}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{CC207EB4-9815-44EA-8A84-C224B259C647}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{744674D4-7D9A-40EF-960D-F2FC8701B121}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3C136ED2-EA96-46DD-9E66-2022974AFA56}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{56EAF1FF-FCC2-4824-961D-C767B7A206B8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{861A4B52-AA2B-4923-82AA-1C74EEF58629}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E9B40060-5D02-4175-9B7B-055AFBC170C5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{5F2DBE34-4919-4A08-95B4-F1465C50C7CD}c:\\windows\\lmib52b.tmp\\lmi_rescue.exe"= UDP:c:\windows\lmib52b.tmp\lmi_rescue.exe:LogMeIn Rescue
"UDP Query User{EC2D4FAD-D856-4E00-B145-BC29E49BFB82}c:\\windows\\lmib52b.tmp\\lmi_rescue.exe"= TCP:c:\windows\lmib52b.tmp\lmi_rescue.exe:LogMeIn Rescue
"TCP Query User{ED99EAA4-6CE0-4601-8146-C92EE7BB4A62}c:\\users\\owner\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:c:\users\owner\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{E648631A-5FD3-4174-ACB3-008D37E6E60C}c:\\users\\owner\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:c:\users\owner\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{0B72353E-CA8A-4533-90F9-24A246357471}c:\\windows\\lmib52b.tmp\\lmi_rescue.exe"= UDP:c:\windows\lmib52b.tmp\lmi_rescue.exe:LogMeIn Rescue
"UDP Query User{00A99E8F-A921-4B47-B0DB-53E53BD51032}c:\\windows\\lmib52b.tmp\\lmi_rescue.exe"= TCP:c:\windows\lmib52b.tmp\lmi_rescue.exe:LogMeIn Rescue
"{585D265D-A1C1-478F-97EB-D7624F640C11}"= UDP:37213:Torrent_tcp
"{9CC9AAD5-95E1-4B7D-BEF8-F4AFC10AC3F0}"= TCP:37213:Torrent_udp
"TCP Query User{29226730-6B28-4BF9-BEE8-5D6C1B293246}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C6B7F99E-028D-4E0F-AA27-6F5E7BE05E58}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{B39DE96D-6CAB-4C36-98B4-0C586488C33F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{81579B51-74CD-440C-94A4-DE84313073DF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5957923D-66A3-4387-A0D3-47DDF10C6BFD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0CBD6FB2-1AD2-46FD-ACAF-1FE5FC26CD17}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{230D7BDC-BF38-4172-B984-981097D1650A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{841531EE-153E-405D-B049-105D47CEC590}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0DBE351F-8794-499F-BECA-1A8E809EBC94}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2A8AD45C-2F4F-4075-843D-C21E65096C97}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{C5580CAE-6C0B-4592-998B-768F38C4646D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{D5D2137B-8B60-43E3-BFBE-E352FF74D2B7}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{98CF9F14-4CAE-4345-95D7-91296CD13339}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{D8660E1B-7C35-49EA-B8D0-F432BEE6645F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{16DA0671-EB22-45F7-B1CD-8CB46C30F101}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{65E92CAB-DB52-4BE5-A3A2-E96203BBDCB1}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{85692FB7-DD95-4444-87BD-DFAB833E9D5A}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{6892AF93-7902-4F64-B58C-0F2EEA07CC8E}"= UDP:c:\program files\uTorrent\uTorrent.exe:ÂµTorrent (TCP-In)
"{C4FCD8E2-C1B3-4729-8C0A-216ACF58F8F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:ÂµTorrent (UDP-In)
"{39A2A432-F742-414C-99CC-2B818F77E2C0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{51BDE531-5874-43A6-ADE4-E7616563BC5F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{0FF40433-934B-4B0C-8594-E433018B93EA}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{8ACFA204-5EC3-47A3-8AB5-CD46865DA8E4}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{FFAF7607-A357-48DF-9008-9B16DFCA3A38}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:ÂµTorrent
"UDP Query User{ECFF7722-6886-483B-A693-C8312B46C095}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:ÂµTorrent
"TCP Query User{A7BE76B1-4EC5-41CF-8573-4B86AF96B7FB}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{66869629-14F8-4612-B5F4-F61DAAACA413}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{B66F01E7-D602-42FE-8E95-E3D765DA5BE3}c:\\program files\\ares vista\\aresvista.exe"= UDP:c:\program files\ares vista\aresvista.exe:Ares Vista
"UDP Query User{79465214-E4E5-438E-877D-0E47F9B4AA03}c:\\program files\\ares vista\\aresvista.exe"= TCP:c:\program files\ares vista\aresvista.exe:Ares Vista
"{433D18E4-E592-4A98-8BA3-257C9ECDE765}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F4B97EA9-1441-4807-8B6E-6D1B950BE530}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D52519D4-A8EB-49AE-9B39-AE0507FF7B6F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8FBD949E-C949-44DE-ACF2-3DCB9CEEC397}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [2008-08-09 29808]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1002000.007\cchpx86.sys [2008-12-18 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090212.003\IDSvix86.sys [2009-02-15 292912]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-18 115560]
R2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\System32\drivers\TSSFSFD.sys [2008-08-10 52224]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\System32\drivers\TSSFLT.sys [2008-08-10 52224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-11 24652]
R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service;c:\windows\System32\drivers\bcmusbdhdlh.sys [2008-08-25 241656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-10 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NAV\1002000.007\symndisv.sys [2008-12-18 40496]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\System32\drivers\A3AB.sys [2003-09-09 323008]
S3 DynamicEDController;Dynamic ED Controller;c:\windows\System32\drivers\TSSFSFD.sys [2008-08-10 52224]

--- Other Services/Drivers In Memory ---

*Deregistered* - SymEFA

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - k:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5534e9f4-148a-11dd-a8b7-001e902007b4}]
\shell\AutoRun\command - semo2x.exe
\shell\explore\Command - semo2x.exe
\shell\open\Command - semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc0708d-1f03-11dd-aaf9-001e902007b4}]
\shell\AutoRun\command - k:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f783857c-8ced-11dd-8bf1-001e902007b4}]
\shell\AutoRun\command - N:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\User_Feed_Synchronization-{DE39FACE-31B0-4768-BFAD-D98EB0F0A54C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 21:24]

2009-02-16 c:\windows\Tasks\wrSpySweeper_L9245EF0A12EC4980B1F11C42D9EF3ABB.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

2009-02-16 c:\windows\Tasks\wrSpySweeper_L9245EF0A12EC4980B1F11C42D9EF3ABB.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

2009-02-16 c:\windows\Tasks\wrSpySweeper_L9245EF0A12EC4980B1F11C42D9EF3ABB.job
- C:\ [2009-02-16 15:18]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: pprinc.net
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\h6emj99r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&btnG=Google+Search&source=iglk|http://www.facebook.com/home.php|http://www.myspace.com/
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 16:07:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-16 16:33:15
ComboFix-quarantined-files.txt 2009-02-16 21:32:40

Pre-Run: 48,004,964,352 bytes free
Post-Run: 47,468,998,656 bytes free

229 --- E O F --- 2009-01-21 15:59:11

guestolo · « **Reply #9 on:** February 17, 2009, 12:06:07 AM »

Access Programs and Features in Control Panel and uninstall older updates of Java
This includes:
Javaâ„¢ 6 Update 7
Javaâ„¢ SE Runtime Environment 6 Update 1

Also, uninstall
Viewpoint Media Player

Download [color=\"blue\"]OTMoveIt3.exe[/color] by OldTimer:

Save it to your desktop.
Right-Click on OTMoveit3.exe on desktop and select Run As Administrator
Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]:Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5534e9f4-148a-11dd-a8b7-001e902007b4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc0708d-1f03-11dd-aaf9-001e902007b4}][/color]

======================================================
Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

Post that log please with a fresh Hijackthis log and let me know how things are now running

Slovo · « **Reply #10 on:** February 17, 2009, 01:29:26 AM »

Here is the MoveIt Log:

========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5534e9f4-148a-11dd-a8b7-001e902007b4}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc0708d-1f03-11dd-aaf9-001e902007b4}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02172009_012617

Slovo · « **Reply #11 on:** February 17, 2009, 01:30:29 AM »

And the latest Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:00 AM, on 1/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] "C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8271 bytes

guestolo · « **Reply #12 on:** February 17, 2009, 08:56:36 AM »

Can you do the following, I'm seeing an old log from Hijackthis
Navigate to the following folder
C:\Program Files\Trend Micro\HijackThis
In that folder, delete any old logs that Hijackthis created

On your desktop, Right click on the Shortcut to Hijackthis and select to "Run as Administrator"
Do a Fresh Scan and save logfile with Hijackthis and post it

In addition, keep me informed how things are running

Slovo · « **Reply #13 on:** February 18, 2009, 09:10:33 AM »

Sorry about that, here's the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:46 AM, on 2/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] "C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7008 bytes

guestolo · « **Reply #14 on:** February 18, 2009, 09:30:01 AM »

Well, it looks alright, but I can't tell how it's running on my end if you don't keep me informed?

Slovo · « **Reply #15 on:** February 18, 2009, 02:44:06 PM »

Since the last steps, things have been running pretty well, but that's how it seems every time. If something comes up I'll let you know. Thank you so much for your help, I really do appreciate it.

Slovo · « **Reply #16 on:** February 19, 2009, 04:22:07 PM »

It happened again!

Everything was working on my computer all day long, then when I went to open a program, it failed to load, then I went back to Firefox, which froze and wouldn't respond. I then went to open the task manager, which froze as it tried to load. I then went to restart the computer via the start menu, which froze as well.

Upon restart, the computer would not load any programs, then freeze up again. I had to manually reset the computer 4 times to get it back up an running.

guestolo · « **Reply #17 on:** February 19, 2009, 04:27:15 PM »

Let's try and see if anything new has risen
If you don't still have Rsit.exe
Do the following
Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< and save it to your desktop.

Right Click on RSIT.exe and choose to "Run as Adminstrator"
Click Continue at the disclaimer screen.
Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].

Can you post the log that open>>log.txt

Slovo · « **Reply #18 on:** February 19, 2009, 04:40:52 PM »

Here is log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-02-19 16:38:40
MicrosoftÂ® Windows Vistaâ„¢ Home Premium Service Pack 1
System drive C: has 52 GB (15%) free of 334 GB
Total RAM: 3070 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:05 PM, on 2/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\Owner\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Users\Owner\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] "C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7575 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{DE39FACE-31B0-4768-BFAD-D98EB0F0A54C}.job
C:\Windows\tasks\wrSpySweeper_L9245EF0A12EC4980B1F11C42D9EF3ABB.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-10-10 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-10 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-10 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-10 88608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-11 185896]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
"D-Link AirPlus Xtreme G"=C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe [2003-09-19 2498560]
"ANIWZCSService"=C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe [2003-08-21 32768]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
C:\Windows\SMINST\launcher.exe [2007-11-15 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04 73728]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f783857c-8ced-11dd-8bf1-001e902007b4}]
shell\AutoRun\command - N:\LaunchU3.exe

======List of files/folders created in the last 1 months======

2009-02-17 10:57:57 ----D---- C:\Program Files\AIM Music Link
2009-02-17 01:26:17 ----D---- C:\_OTMoveIt
2009-02-17 01:20:40 ----A---- C:\Windows\system32\javaw.exe
2009-02-17 01:20:40 ----A---- C:\Windows\system32\java.exe
2009-02-17 00:15:11 ----D---- C:\Program Files\PhotomatixPro3
2009-02-16 16:34:01 ----A---- C:\ComboFix.txt
2009-02-16 15:10:04 ----A---- C:\Windows\zip.exe
2009-02-16 15:10:04 ----A---- C:\Windows\VFIND.exe
2009-02-16 15:10:04 ----A---- C:\Windows\SWXCACLS.exe
2009-02-16 15:10:04 ----A---- C:\Windows\SWSC.exe
2009-02-16 15:10:04 ----A---- C:\Windows\SWREG.exe
2009-02-16 15:10:04 ----A---- C:\Windows\sed.exe
2009-02-16 15:10:04 ----A---- C:\Windows\NIRCMD.exe
2009-02-16 15:10:04 ----A---- C:\Windows\grep.exe
2009-02-16 15:10:04 ----A---- C:\Windows\fdsv.exe
2009-02-16 15:08:23 ----D---- C:\Windows\ERDNT
2009-02-16 15:08:23 ----AD---- C:\Qoobox
2009-02-16 15:04:45 ----A---- C:\Windows\system32\cmd.execf
2009-02-16 14:46:08 ----RASHD---- C:\autorun.inf
2009-02-15 18:47:44 ----A---- C:\Windows\system32\EncDec.dll
2009-02-15 18:47:38 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-11 04:20:37 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 04:20:36 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 04:20:34 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 04:20:33 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 04:20:32 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 04:20:32 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 04:20:30 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 04:20:28 ----A---- C:\Windows\system32\jsproxy.dll
2009-01-28 00:15:37 ----D---- C:\rsit
2009-01-27 23:42:10 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2009-01-27 23:41:57 ----D---- C:\ProgramData\Malwarebytes
2009-01-27 23:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-26 10:27:53 ----D---- C:\Program Files\Trend Micro
2009-01-21 23:43:12 ----D---- C:\Program Files\Aspell

======List of files/folders modified in the last 1 months======

2009-02-19 16:39:03 ----D---- C:\Users\Owner\AppData\Roaming\uTorrent
2009-02-19 16:38:54 ----D---- C:\Windows\Prefetch
2009-02-19 16:38:17 ----D---- C:\Windows\Temp
2009-02-19 15:24:26 ----D---- C:\Users\Owner\AppData\Roaming\.purple
2009-02-18 20:57:23 ----SHD---- C:\System Volume Information
2009-02-18 20:23:57 ----D---- C:\Windows\System32
2009-02-18 20:23:56 ----D---- C:\Windows\inf
2009-02-18 20:23:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-18 09:02:59 ----D---- C:\Windows\winsxs
2009-02-18 08:43:44 ----D---- C:\Windows\Microsoft.NET
2009-02-18 08:43:18 ----RSD---- C:\Windows\assembly
2009-02-18 08:38:33 ----D---- C:\Windows\system32\catroot
2009-02-18 08:38:18 ----D---- C:\Windows\ehome
2009-02-18 08:37:33 ----D---- C:\Program Files\Windows Mail
2009-02-18 03:25:48 ----D---- C:\Windows\system32\catroot2
2009-02-17 23:36:44 ----D---- C:\Users\Owner\AppData\Roaming\gtk-2.0
2009-02-17 10:57:57 ----RD---- C:\Program Files
2009-02-17 10:55:06 ----D---- C:\Program Files\Yahoo!
2009-02-17 10:51:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-17 01:25:35 ----SHD---- C:\Windows\Installer
2009-02-17 01:25:24 ----D---- C:\Program Files\Java
2009-02-17 01:25:23 ----D---- C:\Program Files\Common Files
2009-02-17 01:17:20 ----D---- C:\ProgramData\Viewpoint
2009-02-16 16:34:53 ----D---- C:\Windows\system32\en-US
2009-02-16 16:34:35 ----D---- C:\WINDOWS
2009-02-16 16:08:44 ----A---- C:\Windows\system.ini
2009-02-16 15:50:02 ----D---- C:\Windows\system32\drivers
2009-02-16 15:50:02 ----D---- C:\Windows\AppPatch
2009-02-15 20:20:11 ----D---- C:\ProgramData\WildTangent
2009-02-11 23:56:17 ----A---- C:\Windows\system32\mrt.exe
2009-02-05 09:49:49 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 17:18:06 ----D---- C:\Users\Owner\AppData\Roaming\CyberLink
2009-01-29 23:21:05 ----SHD---- C:\$Recycle.Bin
2009-01-29 23:20:00 ----RD---- C:\Users
2009-01-27 23:41:57 ----HD---- C:\ProgramData
2009-01-22 22:22:41 ----RSD---- C:\Windows\Fonts
2009-01-21 23:56:05 ----D---- C:\Program Files\Pidgin
2009-01-21 23:41:16 ----D---- C:\Program Files\Common Files\GTK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-10-10 362544]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-10-10 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090212.003\IDSvix86.sys [2009-01-29 292912]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-12-11 25136]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
R2 ANIO;ANIO Service; \??\C:\Windows\system32\ANIO.SYS [2003-05-05 28205]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2008-08-09 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 TSS_FSFILTER;Dynamic ED Controller; \??\C:\Windows\system32\DRIVERS\TSSFSFD.SYS [2006-11-30 52224]
R2 TSSFLT;TriSecurity System - Filter Driver; C:\Windows\System32\DRIVERS\tssflt.sys [2006-11-30 52224]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service; C:\Windows\system32\DRIVERS\bcmusbdhdlh.sys [2007-09-20 241656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-10 99376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090219.003\NAVENG.SYS [2008-12-09 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090219.003\NAVEX15.SYS [2008-12-09 876112]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-10 8237120]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\Windows\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-10-10 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\NAV\1002000.007\SYMNDISV.SYS [2008-12-11 40496]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\Windows\system32\DRIVERS\A3AB.sys [2003-09-09 323008]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 DynamicEDController;Dynamic ED Controller; \??\C:\Windows\system32\drivers\TSSFSFD.SYS [2006-11-30 52224]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-11 72704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-23 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]

-----------------EOF-----------------

guestolo · « **Reply #19 on:** February 19, 2009, 05:05:50 PM »

Can you do the following please

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.

* It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to [color=\"#0000FF\"]this page[/color] if you are unsure how to disable your AntiVirus/AntiSpyware applications
* Go to [color=\"#FF0000\"]F-Secure Online[/color] Scanner
* Accept the License Agreement.
* Once the ActiveX installs, click Full System Scan
* Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.
* Click the Show Report button and copy the entire report in your next reply.

News:

Author Topic: Computer Freezes, Won't Run Programs on restart (Read 819 times)