Computer Issues..


Post by Echelon on 17th November 2010, 5:38 am

Alright so.. Before I explain the problems, I spilt water on my laptop keyboard a month and a half ago, and I haven't had ANY connection issues with my laptop until the start of last week.. So I highly doubt it's just now affecting my chips inside (though my keyboard is messed up, had to buy a new one).

Anyways, I've got Comcast and my DL speed is usually in the 20mb/s. I have two laptops, both return the same download speed, except this one now returns a PING in the 200-300s (used to be 20-40s). I'm not quite sure what the problem is, I can't find any viruses or whatnot.. I've used the following antivirus software..

BitDefender Total Security Beta 2011 (Full Product)
ESET Nod32 Smart Security (Full Product)
Norton Security Suite 4 (Full Product & Current Product I'm using)
Malwarebytes' Anti-Malware 1.50 Public Beta

BitDefender found nothing.. ESET found nothing.. Norton found a few Tracking Cookies only..

I've used Microsoft® Windows® Malicious Software Removal Tool as well (Full Scans..)

Malwarebytes Full Scan Results..
Code:

Malwarebytes' Anti-Malware 1.50 Public Beta

Database version: 5132

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/17/2010 5:28:02 AM
mbam-log-2010-11-17 (05-28-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 235128
Time elapsed: 2 hour(s), 38 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes Flash Scan results..
Code:

Malwarebytes' Anti-Malware 1.50 Public Beta

Database version: 5132

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/17/2010 2:39:53 AM
mbam-log-2010-11-17 (02-39-53).txt

Scan type: Flash scan
Objects scanned: 95995
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Every time I download something, the speed hits high 1mbs then goes down to 100kb/s and EVERYTHING else I'm using acts like my internet is disconnecting, pages start to run extremely slow, anything else I'm using starts to freeze..

Honestly, I'm pretty decent with computers, but I can't figure out WHAT exactly is the problem.. All I know is, my ping on this laptop hits mid 300s on speedtests now. I've tried to do a Factory Restore but it's near impossible with my broken keyboard.. In order to restart my computer, everything plugged in has to be unplugged, even the power cord, or it makes a really loud alarm-type beeping noise; once the Windows screen comes up, I can plug things in.. So I can't really press any of the F-keys..

Any Suggestions on what the problem may be? And how to fix it?


Re: Computer Issues..

Post by Echelon on 18th November 2010, 7:33 pm

Ok can't edit my first post anymore..

rkill log
Code:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Echelon on 11/20/2010 at  0:50:07.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Users\Echelon\Desktop\rkill.com


Rkill completed on 11/20/2010  at  0:50:18.

MBRCheck Log
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows Vista Home Basic Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:   TOSHIBA
BIOS Manufacturer:      INSYDE
System Manufacturer:      TOSHIBA
System Product Name:      Satellite L305
Logical Drives Mask:      0x0000001c

Kernel Drivers (total 158):
  0x8204C000 \SystemRoot\system32\ntkrnlpa.exe
  0x82019000 \SystemRoot\system32\hal.dll
  0x80609000 \SystemRoot\system32\kdcom.dll
  0x80610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80680000 \SystemRoot\system32\PSHED.dll
  0x80691000 \SystemRoot\system32\BOOTVID.dll
  0x80699000 \SystemRoot\system32\CLFS.SYS
  0x806DA000 \SystemRoot\system32\CI.dll
  0x8260C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8267D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8268B000 \SystemRoot\system32\drivers\acpi.sys
  0x826D1000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x826DA000 \SystemRoot\system32\drivers\msisadrv.sys
  0x826E2000 \SystemRoot\system32\drivers\pci.sys
  0x82709000 \SystemRoot\System32\drivers\partmgr.sys
  0x82718000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8271B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x82725000 \SystemRoot\system32\drivers\volmgr.sys
  0x82734000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8277E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8780E000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x878DC000 \SystemRoot\system32\drivers\atapi.sys
  0x878E4000 \SystemRoot\system32\drivers\ataport.SYS
  0x87902000 \SystemRoot\system32\drivers\fltmgr.sys
  0x87934000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
  0x8798A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8799A000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
  0x8278E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87A03000 \SystemRoot\system32\drivers\ndis.sys
  0x87B0E000 \SystemRoot\system32\drivers\msrpc.sys
  0x87B39000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87C0E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87D1E000 \SystemRoot\system32\drivers\volsnap.sys
  0x87D57000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x87D5C000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
  0x87D9F000 \SystemRoot\System32\Drivers\spldr.sys
  0x87DA7000 \SystemRoot\System32\Drivers\mup.sys
  0x87DB6000 \SystemRoot\System32\drivers\ecache.sys
  0x87DDD000 \SystemRoot\system32\drivers\disk.sys
  0x87B74000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x87DEE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B2D9000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B2E4000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8B2ED000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x8B2F5000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8B304000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8BE08000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8C4EC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8C58D000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C599000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8C5A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8C5E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8B308000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8B395000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8B3D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8C5F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x87B95000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8C5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8B3EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x87BC5000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8BE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x879C7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x807BA000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8B3F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B200000 \SystemRoot\system32\DRIVERS\vcsvad.sys
  0x8BA07000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x8BA34000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x8BA59000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8BA83000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8BA9A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8BAA5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BAC8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BAD7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BAEB000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8BB00000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8BB10000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BB12000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BB1C000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8BB29000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8BB5E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C600000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8BB6F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8BB78000 \SystemRoot\System32\Drivers\Null.SYS
  0x8BB7F000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8BB8F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8BB96000 \SystemRoot\System32\drivers\vga.sys
  0x8BBA2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BBC3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BBCB000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BBD3000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8BBDE000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BBEC000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C80F000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C8F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C914000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C92A000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8C93E000 \SystemRoot\system32\drivers\afd.sys
  0x8C986000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8C9B8000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8C9CE000 \SystemRoot\system32\DRIVERS\rtlprot.sys
  0x8C9D8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8C9E6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x87BDD000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
  0x8C800000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
  0x8D60F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8D64B000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8D6B0000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
  0x8D6D5000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0x8D733000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0x8D750000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8D767000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
  0x8E403000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
  0x8E4AF000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
  0x8E50D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E51A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x948A0000 \SystemRoot\System32\win32k.sys
  0x8E5E8000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8D7E6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94AC0000 \SystemRoot\System32\TSDDD.dll
  0x94AE0000 \SystemRoot\System32\cdd.dll
  0x94AF0000 \SystemRoot\System32\ATMFD.DLL
  0x8B205000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8E5F2000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8B21C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8D7F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8D600000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8B22C000 \SystemRoot\system32\drivers\luafv.sys
  0x8B247000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x8B25C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8B26C000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8BBF5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8B296000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAA40A000 \SystemRoot\system32\drivers\HTTP.sys
  0xAA477000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xAA49F000 \SystemRoot\system32\drivers\spsys.sys
  0xAA54F000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA56C000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAA585000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xAA59A000 \SystemRoot\system32\drivers\mrxdav.sys
  0xAA5BB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAAC09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xAAC42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAAC5A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAAC82000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAACD0000 \SystemRoot\system32\drivers\peauth.sys
  0xAADAE000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAADB8000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAADC4000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAADD9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAA5DA000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xAF602000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
  0xAF65B000 \??\C:\Windows\system32\drivers\mbam.sys
  0xAF65F000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAF675000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
  0xB0962000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101118.005\IDSvix86.sys
  0xB0800000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101119.021\NAVEX15.SYS
  0xB094E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101119.021\NAVENG.SYS
  0x77140000 \Windows\System32\ntdll.dll

Processes (total 75):
      0 System Idle Process
      4 System
    464 C:\Windows\System32\smss.exe
    532 csrss.exe
    576 C:\Windows\System32\wininit.exe
    584 csrss.exe
    616 C:\Windows\System32\winlogon.exe
    660 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    836 C:\Windows\System32\svchost.exe
    884 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    924 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\audiodg.exe
    1232 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\SLsvc.exe
    1284 C:\Windows\System32\svchost.exe
    1432 C:\Windows\System32\svchost.exe
    1648 C:\Windows\System32\spoolsv.exe
    1672 C:\Windows\System32\svchost.exe
    1888 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    312 C:\Windows\System32\taskeng.exe
    480 C:\Windows\System32\svchost.exe
    492 C:\Windows\System32\svchost.exe
    536 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    1440 C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    1740 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    1548 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    1080 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    736 C:\Windows\System32\svchost.exe
    2112 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2176 C:\Windows\System32\dwm.exe
    2236 C:\Windows\System32\SearchIndexer.exe
    2252 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2404 WUDFHost.exe
    2496 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2856 C:\Windows\System32\alg.exe
    3048 C:\Windows\System32\taskeng.exe
    3200 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    3284 C:\Windows\System32\igfxtray.exe
    3292 C:\Windows\System32\hkcmd.exe
    3300 C:\Windows\System32\igfxpers.exe
    3308 C:\Windows\RtHDVCpl.exe
    3316 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3324 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3336 C:\Program Files\Windows Defender\MSASCui.exe
    3380 C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    3396 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3404 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
    3424 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    3432 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    3444 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3500 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3680 WmiPrvSE.exe
    3836 dllhost.exe
    3952 C:\Windows\System32\igfxsrvc.exe
    2068 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
    2676 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3644 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1472 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4132 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    6008 C:\Windows\System32\svchost.exe
    5504 C:\Program Files\Mozilla Firefox\firefox.exe
    3360 C:\Windows\explorer.exe
    6032 C:\Users\Echelon\Desktop\OTL.exe
    1944 taskeng.exe
    5164 C:\Windows\System32\SearchProtocolHost.exe
    5356 C:\Windows\System32\SearchFilterHost.exe
    4556 dllhost.exe
    6136 dllhost.exe
    5152 C:\Users\Echelon\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1655GSX, Rev: FG011M 

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!


Last edited by Echelon on 20th November 2010, 6:11 am; edited 2 times in total (Reason for editing : Updating Information for faster help..)


OTL Scan

Post by Echelon on 20th November 2010, 6:12 am

OTL logfile created on: 11/20/2010 1:05:14 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Echelon\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 83.27 Gb Free Space | 59.32% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.84 Gb Free Space | 91.82% Space Free | Partition Type: FAT32

Computer Name: ECHELONNETWORK | User Name: Echelon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/20 00:41:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Echelon\Desktop\OTL.exe
PRC - [2010/11/10 10:19:18 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/10 10:19:16 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/02 10:22:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/22 23:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/07/06 10:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/01 17:11:06 | 001,283,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/04/01 17:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/20 00:41:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Echelon\Desktop\OTL.exe
MOD - [2010/11/16 00:40:33 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/11/16 00:40:33 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2010/11/10 10:19:18 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/06 10:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/01 17:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Echelon\AppData\Local\Temp\RarSFX0\ThreatScanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Echelon\AppData\Local\Temp\RarSFX0\ThreatScanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/11/15 23:56:48 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101119.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/11/15 23:56:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/15 23:56:48 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/15 23:56:48 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101119.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/15 23:49:12 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/10 10:19:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/04 15:02:36 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/19 15:36:24 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101118.005\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/04 12:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/06/10 04:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/03/11 18:17:20 | 000,063,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/08/14 09:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/12 20:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/23 12:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Runescape Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.Google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.1.9
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:6.2.0.743
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/11/17 02:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/11/15 23:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 10:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 10:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/11/03 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Extensions
[2010/11/20 00:29:42 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions
[2010/11/16 02:25:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/11 00:01:10 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}(47)
[2010/11/16 02:14:28 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/11/16 20:47:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/03 16:05:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(409)
[2010/11/16 20:48:39 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\adblockpopups@jessehakanen.net
[2010/11/16 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\info@djzig.com
[2010/11/18 06:58:45 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\redshift_V2@shift-themes.com
[2010/11/16 02:25:00 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\TechnicianConsole@logmeinrescue.com
[2010/11/09 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\extensions\zigboom@hotmail(405).com
[2010/08/05 22:19:36 | 000,000,921 | ---- | M] () -- C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Profiles\zoattqlz.default\searchplugins\conduit.xml
[2010/11/16 02:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 01:48:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 22:11:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 02:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 02:08:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/01 11:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-7C4EN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Echelon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fa32d147-bfb7-11de-9969-001e33c0e882}\Shell - "" = AutoRun
O33 - MountPoints2\{fa32d147-bfb7-11de-9969-001e33c0e882}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 00:41:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Echelon\Desktop\OTL.exe
[2010/11/17 02:57:20 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys
[2010/11/17 02:57:19 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys
[2010/11/17 02:57:19 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys
[2010/11/17 02:57:19 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys
[2010/11/17 02:57:19 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys
[2010/11/17 02:57:18 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys
[2010/11/17 02:57:18 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys
[2010/11/17 02:48:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005
[2010/11/17 00:49:38 | 000,000,000 | ---D | C] -- C:\Users\Echelon\AppData\Roaming\Malwarebytes
[2010/11/17 00:49:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/17 00:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/17 00:49:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/17 00:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/16 21:54:03 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2010/11/16 02:08:18 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/16 02:08:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/16 02:08:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/16 00:42:41 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/16 00:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/11/16 00:38:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/11/16 00:38:03 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/11/16 00:38:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/11/16 00:32:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/16 00:28:40 | 011,843,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Echelon\Desktop\Microsoft® Windows® Malicious Software Removal Tool.exe
[2010/11/15 23:49:15 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/11/15 23:49:13 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/11/15 23:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/11/15 23:48:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/11/15 23:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/11/15 23:48:37 | 000,000,000 | ---D | C] -- C:\Users\Echelon\Documents\Symantec
[2010/11/15 23:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/11/15 22:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TestLogger
[2010/11/15 21:14:51 | 000,000,000 | -H-D | C] -- C:\PEBakcup
[2010/11/08 03:22:46 | 000,000,000 | ---D | C] -- C:\Users\Echelon\AppData\Roaming\Media Player Classic
[2010/11/04 13:53:03 | 000,000,000 | ---D | C] -- C:\PcwBak
[2010/11/03 20:59:12 | 000,000,000 | ---D | C] -- C:\Users\Echelon\Documents\LimeWire
[2010/11/03 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\Echelon\Tracing
[2010/11/03 18:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/03 18:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings(6)
[2010/11/03 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Washer
[2010/11/03 02:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/02 21:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2010/11/02 19:35:01 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2010/11/02 19:31:49 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/02 16:56:07 | 000,000,000 | ---D | C] -- C:\Users\Echelon\AppData\Local\Windows Live
[2010/11/02 11:14:42 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2010/11/02 11:07:25 | 000,000,000 | ---D | C] -- C:\Users\Echelon\AppData\Roaming\BitDefender
[2010/11/02 10:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/11/02 10:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/11/02 10:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\1-Click PC Fix v4
[2010/10/26 15:47:37 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/26 15:47:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/26 15:47:34 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

========== Files - Modified Within 30 Days ==========

[2010/11/20 00:56:40 | 000,080,384 | ---- | M] () -- C:\Users\Echelon\Desktop\MBRCheck.exe
[2010/11/20 00:47:30 | 000,364,032 | ---- | M] () -- C:\Users\Echelon\Desktop\rkill.com
[2010/11/20 00:41:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Echelon\Desktop\OTL.exe
[2010/11/20 00:17:26 | 000,000,099 | ---- | M] () -- C:\Users\Echelon\jagex_runescape_preferences2.dat
[2010/11/19 23:38:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 23:38:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 22:04:45 | 001,910,568 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/11/19 16:49:49 | 000,000,069 | ---- | M] () -- C:\Users\Echelon\jagex_runescape_preferences.dat
[2010/11/19 00:52:54 | 000,194,560 | ---- | M] () -- C:\Users\Echelon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/19 00:51:29 | 001,296,384 | ---- | M] () -- C:\Windows\is-7C4EN.exe
[2010/11/19 00:51:29 | 000,021,303 | ---- | M] () -- C:\Windows\is-7C4EN.msg
[2010/11/19 00:51:29 | 000,001,637 | ---- | M] () -- C:\Windows\is-7C4EN.lst
[2010/11/17 05:46:44 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/17 05:46:44 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/17 05:38:00 | 000,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/11/17 05:37:54 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/11/17 05:37:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 00:49:27 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 22:12:25 | 000,254,880 | ---- | M] () -- C:\Users\Echelon\Desktop\dark_universe-normal.jpg
[2010/11/16 22:05:06 | 000,030,898 | ---- | M] () -- C:\Users\Echelon\Desktop\universe-1.jpg
[2010/11/16 20:44:01 | 111,906,385 | ---- | M] () -- C:\Users\Echelon\Desktop\Flo Rida ft. David Guetta - Club Can't Handle Me.mp4
[2010/11/16 20:42:48 | 020,743,649 | ---- | M] () -- C:\Users\Echelon\Desktop\Taio Cruz - Dynamite.mp4
[2010/11/16 06:08:04 | 018,074,608 | ---- | M] () -- C:\Users\Echelon\Desktop\Let's Get It - Duck, Duck, Grey Goose.mp4
[2010/11/16 05:27:01 | 022,196,616 | ---- | M] () -- C:\Users\Echelon\Desktop\Trey Songz - Bottoms Up ft. Nicki Minaj.mp4
[2010/11/16 02:08:02 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/16 02:08:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/16 02:08:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/16 02:08:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/16 00:28:40 | 011,843,016 | ---- | M] (Microsoft Corporation) -- C:\Users\Echelon\Desktop\Microsoft® Windows® Malicious Software Removal Tool.exe
[2010/11/15 23:49:12 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/11/15 23:49:12 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/11/15 23:49:12 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/11/15 22:28:01 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010/11/10 10:19:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/10 10:19:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/02 21:08:39 | 002,261,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/02 16:33:38 | 000,004,321 | ---- | M] () -- C:\Windows\IntIgn0xF28456.dat
[2010/11/02 16:33:22 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\1-Click PC Fix Scheduled Scan.job
[2010/11/02 12:20:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wsbl.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_unmip.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_histprot.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_summ.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_spoof.sig
[2010/11/02 12:20:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_sign.slf
[2010/11/02 12:20:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_fuzzy.sig
[2010/11/02 12:20:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_white.dat
[2010/11/02 12:20:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_black.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords2.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_sign.slf
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010/11/02 11:14:42 | 000,253,072 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys

========== Files Created - No Company Name ==========

[2010/11/20 00:56:29 | 000,080,384 | ---- | C] () -- C:\Users\Echelon\Desktop\MBRCheck.exe
[2010/11/20 00:47:12 | 000,364,032 | ---- | C] () -- C:\Users\Echelon\Desktop\rkill.com
[2010/11/19 00:51:29 | 001,296,384 | ---- | C] () -- C:\Windows\is-7C4EN.exe
[2010/11/19 00:51:29 | 000,021,303 | ---- | C] () -- C:\Windows\is-7C4EN.msg
[2010/11/19 00:51:29 | 000,001,637 | ---- | C] () -- C:\Windows\is-7C4EN.lst
[2010/11/17 05:37:17 | 001,910,568 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/11/17 02:57:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.inf
[2010/11/17 02:57:19 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.cat
[2010/11/17 02:57:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.cat
[2010/11/17 02:57:19 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.cat
[2010/11/17 02:57:19 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.cat
[2010/11/17 02:57:19 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.cat
[2010/11/17 02:57:19 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.cat
[2010/11/17 02:57:19 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.inf
[2010/11/17 02:57:19 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.inf
[2010/11/17 02:57:19 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.inf
[2010/11/17 02:57:19 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.inf
[2010/11/17 02:57:19 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.inf
[2010/11/17 02:57:18 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.cat
[2010/11/17 02:57:18 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.cat
[2010/11/17 02:57:18 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.inf
[2010/11/17 02:57:18 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.inf
[2010/11/17 02:48:35 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini
[2010/11/17 00:49:27 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 22:12:21 | 000,254,880 | ---- | C] () -- C:\Users\Echelon\Desktop\dark_universe-normal.jpg
[2010/11/16 22:04:51 | 000,030,898 | ---- | C] () -- C:\Users\Echelon\Desktop\universe-1.jpg
[2010/11/16 20:40:04 | 111,906,385 | ---- | C] () -- C:\Users\Echelon\Desktop\Flo Rida ft. David Guetta - Club Can't Handle Me.mp4
[2010/11/16 20:39:43 | 020,743,649 | ---- | C] () -- C:\Users\Echelon\Desktop\Taio Cruz - Dynamite.mp4
[2010/11/16 06:05:34 | 018,074,608 | ---- | C] () -- C:\Users\Echelon\Desktop\Let's Get It - Duck, Duck, Grey Goose.mp4
[2010/11/16 05:23:16 | 022,196,616 | ---- | C] () -- C:\Users\Echelon\Desktop\Trey Songz - Bottoms Up ft. Nicki Minaj.mp4
[2010/11/15 23:49:13 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/11/15 23:49:13 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/11/15 23:49:09 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/11/15 22:28:01 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010/11/02 12:20:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/11/02 12:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_spoof.sig
[2010/11/02 12:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_sign.slf
[2010/11/02 12:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_fuzzy.sig
[2010/11/02 12:20:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/11/02 12:20:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_sign.slf
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/11/02 12:20:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/11/02 10:56:53 | 000,004,321 | ---- | C] () -- C:\Windows\IntIgn0xF28456.dat
[2010/11/02 10:42:56 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\1-Click PC Fix Scheduled Scan.job
[2010/07/23 05:24:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/05 01:00:39 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/05/05 04:52:30 | 000,024,206 | ---- | C] () -- C:\Users\Echelon\AppData\Roaming\UserTile.png
[2010/04/28 20:03:55 | 000,000,407 | ---- | C] () -- C:\Users\Echelon\AppData\Local\RAExpertHistory.xml
[2010/03/04 12:20:54 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2010/01/23 00:46:09 | 000,000,085 | ---- | C] () -- C:\Users\Echelon\AppData\Roaming\RSBot Accounts.ini
[2010/01/22 19:19:01 | 000,000,175 | ---- | C] () -- C:\Users\Echelon\AppData\Local\rahistory.xml
[2010/01/09 13:13:50 | 000,000,234 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/09 12:12:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/09 12:12:37 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/09 12:12:36 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/09 12:12:34 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/05 16:03:26 | 000,000,200 | ---- | C] () -- C:\Users\Echelon\AppData\Roaming\wklnhst.dat
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/09 22:46:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 03:27:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/17 10:02:46 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/10/17 08:44:44 | 000,194,560 | ---- | C] () -- C:\Users\Echelon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 20:35:39 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/10/05 17:56:19 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/10/05 17:19:25 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/07/05 01:48:19 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Avnex
[2010/11/02 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\BitDefender
[2009/10/05 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\CallingID
[2010/01/22 19:48:58 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/22 07:57:32 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\ESET
[2010/01/22 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Foxit
[2010/01/05 18:29:27 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Leadertech
[2010/11/01 12:51:49 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\LimeWire
[2010/07/05 01:33:53 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Screaming Bee
[2009/10/05 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\TeamViewer
[2010/01/05 16:03:29 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Template
[2009/11/15 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\Toshiba
[2010/11/17 00:47:50 | 000,000,000 | ---D | M] -- C:\Users\Echelon\AppData\Roaming\uTorrent
[2010/11/02 16:33:22 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\1-Click PC Fix Scheduled Scan.job
[2010/11/17 05:35:16 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Echelon
Novice

Posts : 23
Joined : 2010-11-17
Gender : Male
OS : Vista
Protection : Norton Security Suite 4
Points : 22474
# Likes : 0


OTL Extras

Post by Echelon on 20th November 2010, 6:13 am

OTL Extras logfile created on: 11/20/2010 1:05:14 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Echelon\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 83.27 Gb Free Space | 59.32% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.84 Gb Free Space | 91.82% Space Free | Partition Type: FAT32

Computer Name: ECHELONNETWORK | User Name: Echelon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092AEA81-0235-40BE-870A-F2F8857EC553}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{141538E7-2EA9-43C6-A139-A17B33EAD699}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{268BBD6C-A517-4B9C-B88C-2E9FC2B4263E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{31E652B0-9938-4ED2-91E9-A61D378B482B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53E13186-B7FB-48E6-8DE7-6723DE261628}" = rport=2869 | protocol=6 | dir=out | app=system |
"{55A22C7E-2A36-425B-90BF-E4207C56D89C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BB2990A-23FD-4901-8AA8-C6145384D54D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{600E1293-33B6-4877-83DA-A401258CFD86}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A3746D5-8C09-410D-AB4C-4E57E6E596FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3E61BDF-636C-4F50-B4AB-DA990276AE1A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C8832E96-9587-45A8-9ACF-6A23C1F287F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D47FBED8-38F4-445F-8761-6280F63AA501}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{143C5DF9-6338-4AAF-8A77-FEE0A70ACDEE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{228B90D9-C7D8-432D-B839-A45FD229C602}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3691E3B6-F5B8-4C27-9FE4-3D91E99AC486}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{41451D3C-62B7-4E59-A74F-E32FE6840DEB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{6141F4D4-4100-43B8-9850-83A10F81D9C6}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{6254408D-B193-4ED9-893E-761749DF7CF5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{69985966-7F8A-46E2-9A38-61B759708211}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{81C44329-436E-409A-AF5D-231DAFBF90E7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8E5043FB-1611-4E8B-84A8-B180013927A8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{910904AD-A0EB-4C48-AA74-29DABA490FB8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{94DACB6E-E84A-498E-9CA5-D6A7F023B3C5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE65C4BF-78E4-4594-B639-6FDCC9936FA8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{BAD7244A-BD15-45E3-9035-5FE67DD45645}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E53D42FA-857B-4024-8DD0-8C7BE5AA4D04}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E6ADBE5F-9D0F-45F6-88CA-60A0AD95C2C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F3DA5D22-15FB-40B9-AF5B-E1BE49656374}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{CA16EF15-0C5B-42F9-99A5-58AE22D93503}C:\users\echelon\desktop\stuff\mirc.exe" = protocol=6 | dir=in | app=c:\users\echelon\desktop\stuff\mirc.exe |
"UDP Query User{24C177A7-B8A7-43D0-95EC-6E7F56253E9D}C:\users\echelon\desktop\stuff\mirc.exe" = protocol=17 | dir=in | app=c:\users\echelon\desktop\stuff\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"N360" = Norton Security Suite
"TeamViewer 5" = TeamViewer 5
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2010 11:45:31 AM | Computer Name = EchelonNetwork | Source = VSS | ID = 8194
Description =

Error - 11/2/2010 11:47:27 AM | Computer Name = EchelonNetwork | Source = VSS | ID = 8194
Description =

Error - 11/2/2010 12:48:06 PM | Computer Name = EchelonNetwork | Source = WinMgmt | ID = 10
Description =

Error - 11/2/2010 5:32:33 PM | Computer Name = EchelonNetwork | Source = VSS | ID = 8194
Description =

Error - 11/2/2010 5:57:00 PM | Computer Name = EchelonNetwork | Source = VSS | ID = 8194
Description =

Error - 11/2/2010 8:37:35 PM | Computer Name = EchelonNetwork | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 11/2/2010 8:38:08 PM | Computer Name = EchelonNetwork | Source = System Restore | ID = 8193
Description =

Error - 11/2/2010 8:38:28 PM | Computer Name = EchelonNetwork | Source = System Restore | ID = 8193
Description =

Error - 11/2/2010 9:23:52 PM | Computer Name = EchelonNetwork | Source = VSS | ID = 8194
Description =

Error - 11/2/2010 10:09:11 PM | Computer Name = EchelonNetwork | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/4/2010 6:02:22 PM | Computer Name = EchelonNetwork | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.103. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 3/4/2010 6:07:32 PM | Computer Name = EchelonNetwork | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.103. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 3/4/2010 6:12:43 PM | Computer Name = EchelonNetwork | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.103. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 3/4/2010 6:17:53 PM | Computer Name = EchelonNetwork | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.103. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 3/4/2010 6:23:03 PM | Computer Name = EchelonNetwork | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.103. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 3/6/2010 4:05:28 PM | Computer Name = EchelonNetwork | Source = DCOM | ID = 10010
Description =

Error - 3/6/2010 4:05:28 PM | Computer Name = EchelonNetwork | Source = DCOM | ID = 10010
Description =

Error - 3/6/2010 4:42:22 PM | Computer Name = EchelonNetwork | Source = DCOM | ID = 10005
Description =

Error - 3/6/2010 4:42:22 PM | Computer Name = EchelonNetwork | Source = Service Control Manager | ID = 7009
Description =

Error - 3/6/2010 4:42:22 PM | Computer Name = EchelonNetwork | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Re: Computer Issues..

Post by Echelon on 20th November 2010, 5:20 pm

Ok, now it's getting worse.. My computer can't handle things open now.. and I'm disconnecting just loading a video on YouTube.. never happened before..


Re: Computer Issues..

Post by Belahzur on 21st November 2010, 12:12 am

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1


Re: Computer Issues..

Post by Echelon on 21st November 2010, 6:56 am

ComboFix 10-11-20.04 - Vintage 11/21/2010 1:42.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.911 [GMT -5:00]
Running from: c:\users\Vintage\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-21 06:49 . 2010-11-21 06:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-20 16:25 . 2010-11-20 16:25 -------- d-----w- c:\windows\PCHEALTH
2010-11-20 16:24 . 2010-11-20 16:25 -------- d-----w- c:\program files\Windows Live
2010-11-20 16:22 . 2010-11-21 05:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-20 16:13 . 2010-11-20 16:13 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-20 16:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-20 16:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-20 16:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-20 16:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-20 16:08 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-20 16:08 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-20 15:36 . 2010-11-20 15:38 -------- d-----w- c:\windows\system32\ca-ES
2010-11-20 15:36 . 2010-11-20 15:38 -------- d-----w- c:\windows\system32\eu-ES
2010-11-20 15:35 . 2010-11-20 15:37 -------- d-----w- c:\windows\system32\vi-VN
2010-11-20 15:20 . 2010-11-20 15:20 -------- d-----w- c:\windows\system32\EventProviders
2010-11-20 15:17 . 2009-04-11 06:28 747008 ----a-w- c:\windows\system32\WsmSvc.dll
2010-11-20 15:16 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-11-20 15:16 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-11-20 15:16 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-11-20 15:16 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-11-20 15:16 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-11-20 15:16 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-20 15:16 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-11-20 15:16 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-11-20 15:16 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-11-20 15:16 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-11-20 15:16 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-11-20 14:37 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-20 14:37 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-11-20 14:37 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-20 14:37 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-20 14:37 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-20 14:35 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-11-20 14:28 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-20 14:27 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-20 14:26 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-20 14:26 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-20 14:26 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-20 12:27 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 12:17 . 2010-11-20 12:17 -------- d-----w- c:\program files\Microsoft.NET
2010-11-20 12:15 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-20 12:15 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-20 12:15 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-20 12:15 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-20 12:15 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-20 11:56 . 2010-11-18 03:21 209920 ----a-w- c:\windows\system32\ssleay32.dll
2010-11-20 11:56 . 2010-11-18 03:21 209920 ----a-w- c:\windows\system32\libssl32.dll
2010-11-20 11:56 . 2010-11-20 11:56 -------- d-----w- C:\OpenSSL
2010-11-20 11:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 11:42 . 2010-11-20 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-20 11:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 11:32 . 2010-11-20 11:32 -------- d-----w- c:\program files\mIRC
2010-11-20 11:24 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-11-20 11:24 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-11-20 11:24 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-20 11:22 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-20 11:22 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-20 11:22 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-20 11:22 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-20 11:22 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-20 11:22 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-20 11:21 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-20 11:21 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2010-11-20 11:21 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-20 11:21 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-20 11:21 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-20 11:21 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2010-11-20 11:21 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-20 11:20 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-20 11:20 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-20 11:20 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-20 11:20 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-20 11:20 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-20 11:20 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-20 11:20 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-20 11:20 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-20 11:20 . 2010-11-20 11:20 -------- d-----w- C:\DOCS
2010-11-20 11:19 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-20 11:19 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-20 11:19 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-20 11:19 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-20 11:19 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-20 11:17 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-11-20 11:17 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-20 11:17 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-20 11:17 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-20 11:17 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-11-20 11:17 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-20 11:17 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-11-20 11:17 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-20 11:17 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-20 11:15 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-11-20 11:15 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-11-20 11:15 . 2009-04-11 06:28 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2010-11-20 11:15 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-11-20 11:15 . 2009-04-11 06:28 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2010-11-20 11:15 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-20 11:15 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-11-20 11:15 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-11-20 11:15 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-20 11:14 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-20 11:14 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-20 11:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-11-20 11:14 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-20 11:14 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-20 11:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-20 11:10 . 2010-11-18 03:21 1019904 ----a-w- c:\windows\system32\libeay32.dll
2010-11-20 11:10 . 2008-01-15 18:03 364544 ----a-w- c:\windows\system32\RtlLib.dll
2010-11-20 11:10 . 2007-04-23 18:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-11-20 11:10 . 2006-10-27 06:30 131072 ----a-w- c:\windows\system32\EnumDevLib.dll
2010-11-20 11:10 . 2003-11-18 18:27 155648 ----a-w- c:\windows\system32\IpLib.dll
2010-11-20 11:09 . 2010-11-20 11:09 -------- d-----w- c:\windows\OPTIONS
2010-11-20 11:09 . 2007-12-26 18:20 290304 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2010-11-20 11:09 . 2007-12-26 18:20 290304 ----a-w- c:\windows\system\rtl8187B.sys
2010-11-20 11:09 . 2010-11-20 11:09 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-11-20 11:05 . 2010-11-20 11:05 -------- d-----w- c:\program files\Synaptics
2010-11-20 11:02 . 2010-11-20 11:02 -------- d-----w- c:\windows\system32\ENU
2010-11-20 11:02 . 2008-05-03 01:53 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2010-11-20 11:02 . 2008-04-16 01:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-11-20 10:57 . 2010-11-20 11:02 -------- d-----w- c:\windows\system32\Lang
2010-11-20 10:57 . 2008-06-25 23:05 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-11-20 10:57 . 2006-11-10 17:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-11-20 10:55 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-11-20 10:55 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-11-20 10:55 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-08-26 16:33 . 2010-11-20 11:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-11-20 11:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-11-20 11:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-11-20 11:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Skytel"="Skytel.exe" [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101119.001\IDSvix86.sys [2010-10-19 353840]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ERASERUTILDRVI10
*Deregistered* - EraserUtilDrvI10

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Vintage\AppData\Roaming\Mozilla\Firefox\Profiles\x9cxk796.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-21 01:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"=""c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-21 01:54:28
ComboFix-quarantined-files.txt 2010-11-21 06:54

Pre-Run: 112,047,726,592 bytes free
Post-Run: 112,000,667,648 bytes free

- - End Of File - - 12896C886866274243D5E9CB94A5EB66

Re: Computer Issues..

Post by Belahzur on 21st November 2010, 8:18 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Computer Issues..

Post by Echelon on 21st November 2010, 11:31 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7432d85591fc524ea9d83adfb224b117
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-21 11:22:25
# local_time=2010-11-21 06:22:25 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3589 16777213 80 86 0 53652997 0 0
# compatibility_mode=5892 16776574 100 95 0 126982274 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=108552
# found=0
# cleaned=0
# scan_time=7045

Re: Computer Issues..

Post by Belahzur on 21st November 2010, 11:52 pm

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Adobe Reader 9.3.4

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


Re: Computer Issues..

Post by Echelon on 21st November 2010, 11:58 pm

I have uTorrent because I use it to download movies, faster to download via a torrent than the original file itself, sadly..

And it's still really laggy..

I play a Java-based game online, every time I make a call on Windows Live 2011 and I'm on the game, I'll get a connection lost, MSN will sign out and my internet will disconnect itself, completely at random.. NEVER happened before.. It's not related to my ISP in any way because we have another laptop hooked up and it has no problems, it's only here.. And I've never had issues with malware or viruses.. All the scans I've done have found nothing at all..

Firefox and IE take quite some time to open up now, so do a few other programs, I'll wait maybe.. 15 seconds before it finally appears, and if I download something on Firefox or IE, 90% chance it'll stop responding and either stay like that or fix itself.. If it stays like that I HAVE to restart the computer, Task Manager "End Program" doesn't respond to it..

Re: Computer Issues..

Post by Belahzur on 23rd November 2010, 1:12 am

Can I ask what antivirus you're running?


Re: Computer Issues..

Post by Echelon on 23rd November 2010, 1:51 am

Currently, Norton Security Suite 4.. And Malwarebytes' is on as well..

I've had..
ESET Nod Smart Security
BitDefender Total Security Beta 2011
McAfee.. (Got bluescreen'd because McAfee deleted a System file)

I uninstalled BitDefender for Norton Security Suite 4 because this is a free product from Comcast, so I figured I'd try it this time.

Re: Computer Issues..

Post by Belahzur on 23rd November 2010, 10:41 pm

Hello.
Norton is known for being a big resource hog, I would get rid of that and use either Avast/Avira.


Re: Computer Issues..

Post by Echelon on 24th November 2010, 1:44 am

This was happening before I had Norton installed, ESET was in first when it happened in the beginning, that's why I switched to various antiviruses.

Re: Computer Issues..

Post by Belahzur on 24th November 2010, 10:49 pm

Hello.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

It's mainly down to HDD management, how often you do clean outs and such.


Re: Computer Issues..

Post by Echelon on 24th November 2010, 11:20 pm

OK, it's done, but I don't think that's going to fix the problem.. For some odd reason I have a feeling there's something wrong with the way the internet is connecting through my laptop. Directly connecting via modem, and wireless, I still experience the same thing..

I have NO viruses, malware, or anything harmful on my laptop at all.. I'm smart and I know what to [and what not to] download or view on the internet.. Something somewhere got damaged, it's either a driver or a core component..

Idk if this will help..

The game I play is called RuneScape, it's a Java-based game that takes quite a bit of CPU usage..
I also run Windows Live Messenger 2011 and I use Voice Call while I'm on it, (nearly every time I'm signed in) my CPU is always in the high 90% area for quite some time. It's been this way for a LONG time, and I've never had a problem where my computer cannot handle both of those going at once.

If I'm on a call on Windows Live, I have to hang it up, or I'll lose connection while I'm on the game. Then I can call back after it's done 'lagging' and I'll be fine for a while, till it happens again.

But regardless of what I have open, my startup is running slow now, Norton & Malwarebytes don't come up as fast anymore, Firefox and anything else still refuses to open as quick as they used to.. Even Control Panel stopped responding trying to uninstall something just yesterday..

Whatever this is, it's new.. I've not experienced the problem before, I even did a System Restore to Factory Settings.. And it's still here. Something is eating up my physical memory or something, I don't know. But from the scans, which I can read & understand most of them. I see nothing potentially harmless in them, just my normal files & programs, I've done scans with numerous antiviruses because they all give different inputs, nothing has been found... Antivirus or malware.. But there's still SOMETHING wrong.. it's maddening!

There's gotta be something else you can check, from this new information I've given you..

This laptop is less than a year old.. Norton's Diagnostic report is telling me I've got low RAM, but I'm using Vista and I have an 8GB USB plugged in I can use for ReadyBoost for around 4GB of additional RAM..

From what BitDefender told me (when I had it installed) I had 'bout 914mb of RAM remaining.

Code:

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Vintage
->Temp folder emptied: 994741 bytes
->Temporary Internet Files folder emptied: 31760688 bytes
->Java cache emptied: 2597593 bytes
->FireFox cache emptied: 64278063 bytes
->Flash cache emptied: 1492 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66443 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33038 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 95.00 mb

Re: Computer Issues..

Post by Belahzur on 26th November 2010, 12:48 am

Hello.
Please open your Task Manager. Under the Mem Usage list, what file is hogging it the most? svchost.exe by any chance?


Re: Computer Issues..

Post by Echelon on 26th November 2010, 12:12 pm

Well, it's running 13 times (lol) but they're all 00%

Java.exe hits 80% when I'm using it.. But I have this issue when Java.exe isn't even running either..

For example, I was just downloading a movie, I only had 2 things open.. the download & Windows Live 2011.. It disconnected my internet 4x, my network center made me believe my modem got turned off, but it wasn't, it re-connected itself after 10 seconds..

If I go on speedtest.net, once it hits the 'downloading' part, it peaks at 20mb then it slowly dies, and it takes a LONG time before it finishes that 'test' with the internet download speed showing as 0.70mb or sometimes less..

I used to peak 16-25mb on the download... I don't have dial up so it shouldn't be showing me with dial up speeds lol

Re: Computer Issues..

Post by Belahzur on 27th November 2010, 1:24 am

Hello.

Please download the current version of HijackThis.

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Re: Computer Issues..

Post by Echelon on 27th November 2010, 3:02 am

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:45 PM, on 11/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Vintage\Desktop\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 4621 bytes

Echelon
Novice

Posts : 23
Joined : 2010-11-17
Gender : Male
OS : Vista
Protection : Norton Security Suite 4
Points : 22474
# Likes : 0

Re: Computer Issues..

Post by Belahzur on 28th November 2010, 1:08 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally, how is the machine running now? Java.exe still hogging the CPU?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

Re: Computer Issues..

Post by Echelon on 28th November 2010, 1:42 am

On startup, I let everything open & load, waited a good 2 minutes then tried to open Firefox to get back here, took 11 seconds to open.. Then the page lagged trying to load [You must be registered and logged in to see this link.] so everything is still the same :\

Here's what my Task Manager looks like while I'm running my normal programs.



Re: Computer Issues..

Post by Belahzur on 29th November 2010, 12:44 am

Hello.

I recommend you remove the Java Quick Starter because it's not needed.
To do so, follow these instructions.

Go to Start > Control Panel > Java.
In the Java control panel, click the Advanced tab. Click the + in front of Miscellaneous and uncheck the Java Quick Starter box.

See [You must be registered and logged in to see this link.] for more info.

Does Java.exe still hog the CPU now?



Re: Computer Issues..

Post by Echelon on 29th November 2010, 2:02 am

Hm, it's already unchecked..

And I was just watching a video on YouTube and my MSN call ended because my internet 'stopped working' because both of those were loading at the same time :\


Re: Computer Issues..

Post by Belahzur on 29th November 2010, 10:06 pm

Hmm, did the HJT fix work? I still see hkcmd.exe loading, I am suspecting the UAC got in the way of our fix?

Run Hijack This again, system scan only. Do all the items I listed to be fixed show up still?



Re: Computer Issues..

Post by Echelon on 29th November 2010, 11:17 pm

Yeah, still on the log. I saved it so you can see again.

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:17:11 PM, on 11/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 4611 bytes

Kaspersky Internet Security 2011 (I just removed Norton to install this) found au_.exe running.. c:\users\vintage\appdata\local\temp\~nsu.tmp\au_.exe

From what I've read it's a file that belongs to SpyFalcon?

My Kaspersky is only Trial atm, I've gotta buy the license for it still, idk if it'll remove it for me.

Back to top Go down
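One way to answer the question raised in this exchange (do the entries ticked for "Fix Checked" still show up in the rescan?) without comparing the two logs by eye. This is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical and the two shortened sample logs are constructed from O4 lines shown in the thread.

```python
import re

# Registry autorun line as HijackThis prints it:
#   O4 - HKLM\..\Run: [ValueName] command line
# File-based "O4 - Startup:" entries have no [ValueName] and are skipped.
O4_RE = re.compile(r"^\s*O4 - (?P<key>HK[^:]+): \[(?P<name>.+?)\] (?P<cmd>.+)$")


def parse_o4(log_text):
    """Map (registry key, value name) -> command for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            # Registry key and value names are case-insensitive on Windows.
            entries[(m["key"].upper(), m["name"].lower())] = m["cmd"].strip()
    return entries


def compare_fix(fix_list, rescan_log):
    """Return (persisted, removed) value names from the fix list."""
    wanted = parse_o4(fix_list)
    after = parse_o4(rescan_log)
    persisted = sorted(n for (k, n) in wanted if (k, n) in after)
    removed = sorted(n for (k, n) in wanted if (k, n) not in after)
    return persisted, removed


# Constructed sample: three of the lines the helper asked to have fixed.
FIX_LIST = r"""
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
"""

# Constructed rescan excerpt: two entries survived, Skytel is gone.
RESCAN = r"""
Boot mode: Normal
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    persisted, removed = compare_fix(FIX_LIST, RESCAN)
    print("still in the Run key:", persisted)
    print("removed by the fix:  ", removed)
```

When every ticked entry persists, as it does in the rescan posted above, the fix was never written to the registry, which fits the helper's suspicion that UAC got in the way.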

Re: Computer Issues..

Post by Echelon on 30th November 2010, 8:58 am

I'm going to PM you a private log I got from scanning on Kaspersky; it's a 'getsysteminfo' log.


Re: Computer Issues..

Post by Belahzur on 1st December 2010, 12:16 am

Got it.

Try this for me please before I resort to something else first. To run Hijack This this time, please right click it, select "Run as administrator".

Try our HJT fix again, see if the items listed go away this time.



Re: Computer Issues..

Post by Echelon on 1st December 2010, 1:13 am

Normally I do that, but this is the only program that I have that DOESN'T have a 'Run as Administrator' option..


Re: Computer Issues..

Post by Belahzur on 2nd December 2010, 1:03 am

Hello.
Please try StartupLite by Malwarebytes, download from here.
[You must be registered and logged in to see this link.]

Run that and turn off anything unnecessary.



Re: Computer Issues..

Post by Echelon on 2nd December 2010, 2:57 am

No unnecessary startups found, I disabled the following programs myself earlier today (the ones I noticed you were trying to fix in HiJack This)...

hkcmd.exe
igfxtray.exe
igfxpers.exe
Reader_sl.exe
AdobeARM.exe
RtHDVCpl.exe
Skytel.exe
jusched.exe

The disconnecting stopped, I can finally download and have another thing running at once, now there's only ONE problem that remains, things opening up slowly and things 'not responding' sometimes, my Firefox loads slow still and when I open a page that has a long list of stuff on it, the page stops responding till it's done loading which takes a minute or so, this never happened before as well.

Any ideas on the last problem?


Re: Computer Issues..

Post by Belahzur on 3rd December 2010, 12:35 am

Not too sure about that, everything looks cool now.



Re: Computer Issues..

Post by Echelon on 3rd December 2010, 6:37 am

Lol, the disconnecting is back now.. I uninstalled Firefox for Chrome, because Firefox I guess was the issue for the slow loading, but I'm downloading a movie atm, and I keep disconnecting from Windows Live, so there's still something wrong.. do you want new OTL logs? I've installed new things and changed some stuff since those last ones.


Re: Computer Issues..

Post by Belahzur on 3rd December 2010, 9:43 pm

Does the disconnecting only happen when you download something?



Re: Computer Issues..

Post by Echelon on 3rd December 2010, 10:42 pm

Yeah, when I start the download with other programs open, even if I download more than TWO things, one of them will die down and the other will speed up VERY high, and then disconnect me



It's not my internet that's one thing I know.. the jitter on that is so high.. It's not like this on the other laptop, and on speedtest.net it acts like it's having a seizure when it's trying to do the downloading part

And that picture btw, is without me on Windows Live Messenger, and anything else..


Re: Computer Issues..

Post by Echelon on 6th December 2010, 9:14 pm

Now what? :\


Re: Computer Issues..

Post by Belahzur on 7th December 2010, 12:22 am

If you use a download manager, try limiting your bandwidth usage.


