Windows 7 - problems
When I was running Vista I was having some problems like media player crashes soon every time right after launching and Windows will not come back after the computer goes to sleep. I upgraded to Windows 7 hoping the problems would go away but they haven't. I am thinking I may have some malware.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:15:20 PM, on 4/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\HeavyWeather\HeavyWeatherPublisher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\HeavyWeather\heavy weather.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ProMash\ProMash.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HeavyWeatherPublisher] C:\HeavyWeather\HeavyWeatherPublisher.exe -minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: heavy weather.lnk = C:\HeavyWeather\heavy weather.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.bing.com
O15 - Trusted Zone: *.doccentral.com
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.rdesk.com
O15 - Trusted Zone: *.rexplorer.net
O15 - Trusted Zone: *.safemls.net
O15 - Trusted Zone: *.showingtime.com
O15 - Trusted Zone: *.sitexdata.com
O15 - Trusted Zone: *.spellchecker.net
O15 - Trusted Zone: *.transactionpoint.com
O15 - Trusted Zone: *.trpoint.com
O15 - Trusted Zone: *.virtualearth.net
O15 - Trusted Zone: *.xmlsweb.com
O16 - DPF: ImageUploader - http://www.assetval.com/app/ImageUploader.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://samls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
O16 - DPF: {0CE0F418-1010-442D-871C-3454827DD539} - http://facefun.com/FaceFun_webinstall/FaceFun.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://samls.crsdata.com/realestate/maps/downloads/mgaxctrlv65.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.riocentral.com/Image%20Uploader/ImageUploader6.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.pyramidreo.com/ImageUploader4.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://pro.realquest.com/mapviewer/mapviewer.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{30BBADAE-3AF0-48DB-BFFA-9AD645AF925A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{30BBADAE-3AF0-48DB-BFFA-9AD645AF925A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{30BBADAE-3AF0-48DB-BFFA-9AD645AF925A}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Update Service (gupdate1c9bca6f4ea33cd) (gupdate1c9bca6f4ea33cd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SolidPDFPlusCreatorReadSpool (SPDFCreatorPlusReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSIF8BC.tmp
O23 - Service: SolidPDFToolsCreatorReadSpool (SPDFToolsReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSIEE5E.tmp
--
End of file - 9144 bytes
shelf life
2010-04-07, 00:44
Hi,
Those two issues don't sound like malware. Is that W7 you're running? We can get an app to check for malware. I can suggest another media player you can use. Did you add those sites to your trusted zone?
If you still need help, reply to my post.
Yes, I am running Windows 7 and I am still having the problems. Where do I get an app to check for malware? I am not sure what sites you are referring to to add to my trusted zone.
shelf life
2010-04-08, 01:14
Let's start with Malwarebytes, link and directions:
Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3967
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/7/2010 6:26:23 PM
mbam-log-2010-04-07 (18-26-23).txt
Scan type: Full scan (C:\|)
Objects scanned: 354749
Time elapsed: 1 hour(s), 57 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
shelf life
2010-04-09, 01:01
Well, that's a good result.
What I mean is, did you yourself add these sites to your trusted zone? If you don't recognize the websites then you wouldn't have added them. It's possible that they were added by a software installation.
O15 - Trusted Zone: *.bing.com
O15 - Trusted Zone: *.doccentral.com
etc.......
Before we continue, is this a computer you use for work or a business? Are you in the real estate business?
Both work and business. The kids get on it once in a while and I think they screw it up. Yes I am in the real estate business.
shelf life
2010-04-09, 02:54
OK, thanks for the info. We will leave those entries alone.
Let's get one more download to look for malware. Also see this link (http://www.virusvault.us/signs.html) for signs of malware.
Not sure if this will run on W7, but you can try. You may have to right-click and 'run as admin':
Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Please Copy/paste both logs in your reply.
An alternate to Windows Media Player is VLC (http://www.videolan.org/)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2010 8:02:33 PM
System Uptime: 4/5/2010 4:27:33 PM (76 hours ago)
Motherboard: ECS | | 945GCT-M
Processor: Intel(R) Core(TM)2 CPU X6800 @ 2.93GHz | CPU 1 | 2926/266mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 43.799 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 932 GiB total, 357.483 GiB free.
P: is NetworkDisk (NTFS) - 149 GiB total, 95.735 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&16DB80C5&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&16DB80C5&0
Service: i8042prt
==== System Restore Points ===================
RP2: 4/1/2010 8:21:55 PM - Installed DirectX
RP3: 4/1/2010 8:37:05 PM - Windows Update
RP4: 4/1/2010 8:57:56 PM - Windows Update
RP5: 4/2/2010 9:22:18 AM - Windows Modules Installer
RP6: 4/2/2010 9:32:46 AM - Windows Modules Installer
RP7: 4/2/2010 3:02:49 PM - Windows Update
RP8: 4/3/2010 11:40:12 AM - Windows Update
RP9: 4/3/2010 2:08:43 PM - Installed HiJackThis
RP10: 4/3/2010 6:12:53 PM - Windows Update
RP11: 4/4/2010 8:45:40 AM - Windows Update
RP12: 4/5/2010 7:18:26 AM - Windows Update
RP14: 4/5/2010 10:19:22 AM - Installed MFL-Pro Suite
RP15: 4/5/2010 10:20:01 AM - Device Driver Package Install: Brother Imaging devices
RP16: 4/6/2010 4:00:15 AM - Windows Update
RP17: 4/6/2010 4:34:27 PM - Windows Update
RP18: 4/6/2010 10:48:56 PM - Windows Update
RP19: 4/7/2010 4:34:32 PM - Windows Update
RP20: 4/8/2010 4:21:28 PM - Windows Update
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.1
APC PowerChute Personal Edition
ATI AVIVO Codecs
ATI Catalyst Install Manager
Brother BRAdmin Professional 2.81
Brother Internet Print 1.65
Brother MFL-Pro Suite MFC-8460N
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Core FTP LE 2.0
CP210x USB to UART Bridge Controller
DisplayKEY USB Cradle version 0.7.2
eChef
ERUNT 1.1j
FormViewer
Gena PhotoStamper 2.1.6
Genie Backup Manager Home 8.0
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GSiteCrawler
HeavyWeatherPublisher 1.0
HeavyWeatherReview 1.0
HiJackThis
HydraVision
Jasc Paint Shop Photo Album
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Label Magic
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Professional
Microsoft Office Live Meeting 2005
Microsoft Publisher 98
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
MPLAB Tools v7.60
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetObjects Fusion 10.0
NetObjects Fusion 11.0
ODF Add-in for Microsoft Word
OGA Notifier 2.0.0048.0
OpenSSL 0.9.7f
PanaVue ImageAssembler 3.5.0
PayPal Plug-In
PIC16F690 Lessons
PICkit2 v2.11
PokerStars
Professional Real Estate 2001
ProMash
PTGui 8.0.2
Remote Control USB Driver
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Solid PDF Creator Plus
Solid PDF Tools
The MultiForm Solution
TourBuilder V3
UIWeather
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Weather Watcher
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
==== Event Viewer Messages From Past Week ========
4/6/2010 4:34:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
4/5/2010 9:40:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/5/2010 8:34:36 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 6 time(s).
4/5/2010 8:33:38 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 5 time(s).
4/5/2010 7:13:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9832e166, 0x9afb3af8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040510-26546-01.
4/5/2010 4:36:27 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s).
4/5/2010 4:33:26 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
4/5/2010 4:32:37 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/5/2010 4:32:04 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/5/2010 4:30:27 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
4/5/2010 4:28:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x98540166, 0x9b61faf8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040510-27812-01.
4/5/2010 12:37:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x81ebd166, 0x9ba07af8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040510-27890-01.
4/4/2010 7:58:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x984e3166, 0x9d287af8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040410-42687-01.
4/4/2010 5:46:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x98313166, 0x9b3bbaf8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040410-26078-01.
4/4/2010 11:44:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x952ed166, 0x9d07faf8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040410-28750-01.
4/3/2010 9:05:34 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 7 time(s).
4/3/2010 8:05:44 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "2" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
4/3/2010 8:05:43 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "2" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
4/3/2010 8:03:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x984c9166, 0x9ddafaf8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040310-27781-01.
4/2/2010 7:20:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x99132166, 0x9e62baf8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040210-28671-01.
4/2/2010 7:17:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/2/2010 2:53:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x926bc166, 0x9deb7af8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040210-34406-01.
4/1/2010 8:04:10 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
4/1/2010 7:54:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/1/2010 7:08:23 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
4/1/2010 7:07:38 PM, Error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/1/2010 5:06:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/1/2010 5:06:33 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/1/2010 5:06:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/1/2010 4:42:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
4/1/2010 4:41:00 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.94:6331. The error status code is contained within the returned data.
4/1/2010 4:41:00 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.93:6331. The error status code is contained within the returned data.
4/1/2010 4:41:00 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.91:6331. The error status code is contained within the returned data.
4/1/2010 4:41:00 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.90:6331. The error status code is contained within the returned data.
4/1/2010 4:41:00 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.9.43:6331. The error status code is contained within the returned data.
4/1/2010 1:53:36 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 20:00:53.38 on Thu 04/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3327.1411 [GMT -7:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\CSHelper.exe
c:\program files\ge security supra\syncservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Windows\Installer\MSIF8BC.tmp
C:\Windows\system32\conhost.exe
C:\Windows\Installer\MSIEE5E.tmp
C:\SSL\stunnel-4.10.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\HeavyWeather\HeavyWeatherPublisher.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\HeavyWeather\heavy weather.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SolidDocuments\Solid PDF Tools\SPDFT\SolidPDFTools.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HeavyWeatherPublisher] c:\heavyweather\HeavyWeatherPublisher.exe -minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WeatherWatcher] c:\program files\weather watcher\ww.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\heavyw~1.lnk - c:\heavyweather\heavy weather.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\displa~1.lnk - c:\program files\ge security supra\SyncInfoApp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
Trusted Zone: bing.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: superior-host.com
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
Trusted Zone: xmlsweb.com
DPF: ImageUploader - hxxp://www.assetval.com/app/ImageUploader.CAB
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://samls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://samls.crsdata.com/realestate/maps/downloads/mgaxctrlv65.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.riocentral.com/Image%20Uploader/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.pyramidreo.com/ImageUploader4.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: {30BBADAE-3AF0-48DB-BFFA-9AD645AF925A} = 208.67.220.220,208.67.222.222
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-11-8 79052]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-24 172032]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-15 192512]
R2 SPDFCreatorPlusReadSpool;SolidPDFPlusCreatorReadSpool;c:\windows\installer\MSIF8BC.tmp [2009-2-26 189696]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\installer\MSIEE5E.tmp [2009-2-26 189696]
R3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [2007-7-20 471808]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2007-6-14 201216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2007-7-23 6656]
S2 gupdate1c9bca6f4ea33cd;Google Update Service (gupdate1c9bca6f4ea33cd);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
=============== Created Last 30 ================
2010-04-07 23:27:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 23:27:22 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 23:27:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 17:19:39 5120 ------w- c:\windows\system32\BrDctF2L.dll
2010-04-05 17:19:38 73728 ------w- c:\windows\system32\BrDctF2.dll
2010-04-05 17:19:38 3072 ------w- c:\windows\system32\BrDctF2S.dll
2010-04-05 17:19:36 1534464 ----a-w- c:\windows\system32\BrWia09b.dll
2010-04-05 14:32:57 0 d-----w- c:\programdata\GRETECH
2010-04-05 14:32:13 0 d-----w- c:\program files\GRETECH
2010-04-03 21:08:56 0 d-----w- c:\program files\TrendMicro
2010-04-02 04:22:19 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-02 03:56:57 2614272 ----a-w- c:\windows\explorer.exe
2010-04-02 03:55:59 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-04-02 03:55:59 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-02 03:55:59 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-04-02 03:55:59 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-02 03:55:59 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-02 03:55:42 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-02 03:54:59 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-02 03:54:58 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-02 03:54:56 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-02 03:54:56 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-02 03:54:55 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-02 03:54:55 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-02 03:54:55 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-02 03:54:54 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-02 03:50:57 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-02 03:50:56 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-04-02 03:50:55 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-02 03:29:13 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-02 03:22:15 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-04-02 03:21:42 20 ----a-w- c:\windows\€ó_
2010-04-02 03:21:42 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-02 03:21:13 0 d-----w- c:\program files\Microsoft
2010-04-02 03:20:48 0 d-----w- c:\program files\Windows Live SkyDrive
2010-04-02 03:20:21 0 d-----w- c:\windows\PCHEALTH
2010-04-02 03:09:53 0 d-----w- c:\program files\common files\Windows Live
2010-04-02 03:03:28 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-02 03:02:40 20 --sh--w- c:\users\mike\ntuser.ini
2010-04-02 03:02:31 0 d-sh--w- C:\Recovery
2010-04-02 02:29:11 0 d-----w- c:\windows\Panther
2010-04-02 02:07:42 0 d--h--w- C:\$WINDOWS.~Q
2010-04-02 01:55:29 0 d--h--w- C:\$INPLACE.~TR
2010-04-02 01:44:32 0 d-----w- c:\windows\system32\URTTEMP
2010-04-02 01:44:11 0 d-sh--w- c:\windows\Installer
2010-04-02 01:35:26 9504 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2010-04-02 01:35:26 9504 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2010-04-02 01:35:13 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-02 01:35:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-01 16:48:32 0 d-----w- c:\program files\VideoLAN
2010-03-30 03:46:14 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2010-03-30 03:46:14 3407872 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-03-30 03:46:14 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2010-03-30 03:45:22 0 d-----w- c:\program files\Microsoft ATS
2010-03-27 15:43:42 0 d-----w- c:\users\mike\appdata\roaming\UDC Profiles
2010-03-25 04:35:07 0 d-----w- c:\programdata\ATI
2010-03-25 04:22:45 0 d-----w- c:\program files\common files\ATI Technologies
2010-03-25 04:18:50 0 d-----w- c:\program files\ATI
2010-03-25 04:18:18 0 d-----w- c:\program files\ATI Technologies
2010-03-20 02:45:41 0 d-----w- c:\programdata\Microsoft Corporation
2010-03-19 03:42:40 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-03-19 03:42:40 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-03-19 03:42:40 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-03-19 03:42:39 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-19 03:41:56 0 d-----w- c:\programdata\PassMark
2010-03-19 02:22:27 0 d-----w- c:\programdata\PCPitstop
2010-03-12 15:25:23 61224 ----a-w- c:\users\mike\GoToAssistDownloadHelper.exe
==================== Find3M ====================
2010-04-02 02:34:14 22020 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-08 13:24:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-07-08 13:24:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-07-08 13:24:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 20:01:45.75 ===============
shelf life
2010-04-11, 04:44
I don't recognize an antivirus application. Do you have one installed and up to date? Other than that I don't see any malware in the logs.
I can provide links to free AV.
shelf life
2010-04-12, 01:48
Here you go:
Avira (http://www.free-av.com/en/download/index.html)
Avast (http://www.avast.com/index)
AVG (http://free.avg.com/us-en/homepage)
MS Security Essentials (http://www.microsoft.com/Security_Essentials/)
I would install one of them, update and do a full system scan. I prefer Avast in Windows, nice clean easy GUI. Try one out for a while. Is the interface easy to understand and use?
Is it a resource hog? Uninstall it, reboot, then download and install another one and try it out. You don't have to stick with the first one if you don't want to.