Rangerland Forum Information

[elessar]

second solution worked the computer had been set up for spanish.

Thank you for your help.

[Rick91981]

You're welcome, always glad to help.

[Giac]

Rick, I had an issue the other day that is still bothering me just a little. My real-time virus protection caught two viruses and quarantined them both; but now can't use my control/alt/delete to get to the task manager.* I've also noticed that if I close my browser and open going back to Facebook (which is currently my home page) it requires me to log in even though I click on the "remember me" box.

I did have a couple of other thgings going on when my virus protection went off the other day, and Super Anti-Spyware asked me to allow/disallow registry entries which I disallowed, not knowing if these particulart alerts had anything to do with the virus files - I figured better safe than sorry.

I"ve got a Gigabyte-brand motherboard and Pentium Core 2 Duo 3.6ghz processor. I'm running Windows XP Pro and Office 2007, IE-8.

Neither of these issue sis major, but they're both a little annoying (especially if a program locks up and I want to try and close it through task manager).

Any advice you can give would be greatly appreciated.


*Forgot to add that ctrl/alt/delete tells me that task manager has been disabled by the administrator. Funny thing is, I'm the administrator for our computers here at home.

This post has been edited by Giac: Sep 20 2009, 08:53 PM

[Rick91981]

The disabled task manager is commonly caused by viruses/spyware. To bring it back, right click and save this file to your desktop.

http://www.tritechcomputers.net/WinXP/enabletaskmanager.reg (Firefox seems to add a .txt to the end of the filename for some reason, so rename it to enabletaskmanager.reg)

Double click the file and when it prompts you asking if you are sure you wish to add the info to the registry click yes. That should fix the Task Manager.

Also download MalwareBytes. Install it, check for updates, and do a quick scan. Let it fix everything it finds.

This post has been edited by Rick91981: Sep 20 2009, 09:25 PM

[Giac]

The disabled task manager is commonly caused by viruses/spyware. To bring it back, right click and save this file to your desktop.

http://www.tritechcomputers.net/WinXP/enabletaskmanager.reg (Firefox seems to add a .txt to the end of the filename for some reason, so rename it to enabletaskmanager.reg)

Double click the file and when it prompts you asking if you are sure you wish to add the info to the registry click yes. That should fix the Task Manager.

Also download MalwareBytes. Install it, check for updates, and do a quick scan. Let it fix everything it finds.

Rick, that took care of the Task Manager issue. I ran Malwarebytes, and it found 8 items, and I cleaned them and rebooted (as per instrictions). It still asked me for a password on Facebook (which I promptly went in and changed, just to be safe). I closed that wondow and opened a new one, and it opened up just fine.

As always, your very gracious (and fast!) assistance is most humbly appreciated!

[Rick91981]

Glad to help out. And good idea on changing the password.

[Alitaki]

Rick, what do you know about the qx9650 from intel? Every review I find online is from two years ago. I've got HP box using an Intel x38 chipset and according to their site, this is the best processor for it. I found it online for $440. Is it worth it?

[Beamer]

Rick, what do you know about the qx9650 from intel? Every review I find online is from two years ago. I've got HP box using an Intel x38 chipset and according to their site, this is the best processor for it. I found it online for $440. Is it worth it?

I'm pretty sure that's discontinued. You can get the Q9650 for about $300 - the only difference between the two is that the X is more easily overclocked, but the Q9650 is newer and features the new stepping.
If you drop down to 2.83 ghz you can shave another $80 off that price.

[Alitaki]

I'm pretty sure that's discontinued. You can get the Q9650 for about $300 - the only difference between the two is that the X is more easily overclocked, but the Q9650 is newer and features the new stepping.
If you drop down to 2.83 ghz you can shave another $80 off that price.

Blech. Good thing I restrained myself. Is it a worthwhile processor or should I bite the bullet and bump up to a core i7? Basically going to be using the PC for both gaming and video/photo editing. Not sure I can afford the prices of the i7 systems right now though.

[Rick91981]

Blech. Good thing I restrained myself. Is it a worthwhile processor or should I bite the bullet and bump up to a core i7? Basically going to be using the PC for both gaming and video/photo editing. Not sure I can afford the prices of the i7 systems right now though.

What processor are you running now? If you have a decent C2D in there then I would say it is not worth the money to make an upgrades until you move on to an i7 machine.

[Beamer]

The i7 won't add much for gaming. Really, gaming is designed around consoles and that target isn't moving. You'll get more fps out of an i7 but you're going to be around 60, anyway, so it hardly matters, and most games are limited by the GPU, not the CPU. Larrabee to the rescue!

An i7 920 is about $280, though. You can get a motherboard for about $200. For barely more than that X you've got an i7 machine. The real question is whether an i7 920 will outperform a Q9650. Both can be overclocked to 4Ghz pretty safely, and the i7 will destroy it there. Stock speeds it'll be a tradeoff but the i& will win more and more often going into the future.

[Rick91981]

An i7 920 is about $280, though. You can get a motherboard for about $200. For barely more than that X you've got an i7 machine.

The big thing you are missing though is DDR3 RAM is still expensive so that is added cost.

[Beamer]

The big thing you are missing though is DDR3 RAM is still expensive so that is added cost.

Crap, totally forgot it'd need new RAM. Duh. An extra $120 for six gigs.


In any case I never really recommend upgrading. Especially this, which is basically building a new PC. You're better off saving for a while and just going all-out with a new PC. A new power supply and new hard drive are really what it takes to complete that, and those are biggies. Power supplies and HDD aren't terribly reliable, especially as they age, and having a new HDD just makes everything feel so much smoother, anyway. Changing out the mobo, RAM and CPU likely means you'd need another Windows license and install I think, anyway.

[Alitaki]

What processor are you running now? If you have a decent C2D in there then I would say it is not worth the money to make an upgrades until you move on to an i7 machine.

The PC came standard with a q6600 2.4 GHZ processor. Its not bad, but its not great either. I've got 4GB of ram now and to have to scrap that and get a new mobo/CPU/memory for an i7 rig might stretch the budget a little too much.

[Alitaki]

Crap, totally forgot it'd need new RAM. Duh. An extra $120 for six gigs.
In any case I never really recommend upgrading. Especially this, which is basically building a new PC. You're better off saving for a while and just going all-out with a new PC. A new power supply and new hard drive are really what it takes to complete that, and those are biggies. Power supplies and HDD aren't terribly reliable, especially as they age, and having a new HDD just makes everything feel so much smoother, anyway. Changing out the mobo, RAM and CPU likely means you'd need another Windows license and install I think, anyway.

Yeah, I've been pricing out building an i7 rig and I just don't have that kind of money right now. even bare minimum specs and with deals. Too many other things going on right now to drop that kind of change. I figure if I bump the process to faster one and upgrade the video card from the crappy FX570 that's in there now I can get good mileage out of this rig.

[Beamer]

Yeah, I've been pricing out building an i7 rig and I just don't have that kind of money right now. even bare minimum specs and with deals. Too many other things going on right now to drop that kind of change. I figure if I bump the process to faster one and upgrade the video card from the crappy FX570 that's in there now I can get good mileage out of this rig.

Yeah, I've been doing the same; my main PC is much older than yours. I figure I can get what I want for $1000-1200, but I'd also want a new 24" monitor. And probably two graphics cards to power my three monitors.

You should be pretty good, though. You already have a quad core. Get a new graphics card and you're golden. Quadro's suck and just aren't made for gaming. Your processor is solid still, though. Get a newer graphics card, something around $200 maybe, and you'll run anything out there.

[Zaylenz]

If you get a new graphics card, especially the higher end ones, make sure you have a big enough powersupply and the correct power connectors to run it. I recently got a GeForce 260 GTX and it required 2 extra 4-pin power connectors to run and recommended a minimum 550W powersupply.

There were adapters to convert the normal 4-pin power connectors into the type needed for the card, but I think it was 2 of the regular 4-pin power connectors to make one of the special ones for the video card, so make sure you have enough.

[Rick91981]

Get a newer graphics card, something around $200 maybe, and you'll run anything out there.

Bingo. New GPU and you got yourself a solid machine there. No need to further upgrade it unless you want to build a whole new rig. Other upgrades will not bring enough bang for the buck.

If you get a new graphics card, especially the higher end ones, make sure you have a big enough powersupply and the correct power connectors to run it. I recently got a GeForce 260 GTX and it required 2 extra 4-pin power connectors to run and recommended a minimum 550W powersupply.

There were adapters to convert the normal 4-pin power connectors into the type needed for the card, but I think it was 2 of the regular 4-pin power connectors to make one of the special ones for the video card, so make sure you have enough.

Good advice. Check this out for a good estimate of what kind of wattage you need in a PSU.

[Alitaki]

The power supply is 475w so I think I'm OK in that regard. Geez, I'm so out of touch with PC hardware upgrades its not even funny. I haven't upgraded my P4 in 7 years and it wasn't until my company decided it wasn't going to support the quad core box and it fell into my lap that I even thought about a new system let alone upgrading. I've fallen way behind the times.

[Ulfie #5]

Hey guys...I was up til the wee hours last night trying to fix my damn computer with no luck. Here's what's going on (Dell running Vista SP2)
First, the computer got real sluggish yesterday and IE would not open. In fact, nothing opened. I hit ctrl-alt-delete and it hung on a black screen. Then I go a message saying "Failure-Security Options". I had to manually shut down several times. I did a Google search and found alot of people having the same problems with no real solutions. I tried some changes in the startup screen. Had to reinstall AVG antivirus 8.5. Also ran malwarebytes but found nothing. By the end of the night I had my screen name working more or less OK. But when switching to my wife's screen name the issues arose again.

Concurrently, I had an issue in IE. Whenever I googled for solutions to the security options problem and I tried to click on a link I got redirected to a bunch of other sites. I would have to hit "back" and click the link 3 times to finally get to the site.

I ran malwarebytes again as well as spybot and superantispyware and found only some tracking cookies.

Any thoughts? I am at work now but I'll be in front of the computer tonight trying again to fix it. Would posting a "Hijackthis" dump help?

[Rick91981]

Hey guys...I was up til the wee hours last night trying to fix my damn computer with no luck. Here's what's going on (Dell running Vista SP2)
First, the computer got real sluggish yesterday and IE would not open. In fact, nothing opened. I hit ctrl-alt-delete and it hung on a black screen. Then I go a message saying "Failure-Security Options". I had to manually shut down several times. I did a Google search and found alot of people having the same problems with no real solutions. I tried some changes in the startup screen. Had to reinstall AVG antivirus 8.5. Also ran malwarebytes but found nothing. By the end of the night I had my screen name working more or less OK. But when switching to my wife's screen name the issues arose again.

Concurrently, I had an issue in IE. Whenever I googled for solutions to the security options problem and I tried to click on a link I got redirected to a bunch of other sites. I would have to hit "back" and click the link 3 times to finally get to the site.

I ran malwarebytes again as well as spybot and superantispyware and found only some tracking cookies.

Any thoughts? I am at work now but I'll be in front of the computer tonight trying again to fix it. Would posting a "Hijackthis" dump help?

You definitely sound like you have a nasty spyware infection. Have you tried running malwarebytes and superantispyware from safe mode? Also make sure the programs are fully updated before you run them.

[Ulfie #5]

I originally ran them in normal mode. as per your instructions I am currently running malwarebytes full scan in safe mode (I am now home "sick" from work). 22 minutes in and no infections found yet.

I will try superantispyware next and report back with the findings.

* Update #1: Malwarebytes found nothing on the full system scan. Now running SUPERAntispyware

* Update #2: SuperAntispyware found 14 tracking cookies. Deleted them and booted into normal mode.

Didn't take long for things to act up again. Redirects in IE like crazy. "Failure- Security Options" when I try to get to task manager.

I am thinking of resetting to factory settings.

This post has been edited by Ulfie #5: Oct 5 2009, 01:46 PM

[teddyc]

so I go to replace my keyboard on my dell inspiron laptop and POP....I broke the keyboard connector!

I swear I barely touched it?

anyhow...I rigged it temporarily with half assed results (some corner keys do not respond), but would really like to have this back in shape. do I really need to replace the motherboard to fix this?

If yes...can an amateur like myself replace a motherboard...I don't want to send my laptop in and I don't want to lug around a USB keyboard from now on.

help

[Rick91981]

so I go to replace my keyboard on my dell inspiron laptop and POP....I broke the keyboard connector!

I swear I barely touched it?

anyhow...I rigged it temporarily with half assed results (some corner keys do not respond), but would really like to have this back in shape. do I really need to replace the motherboard to fix this?

If yes...can an amateur like myself replace a motherboard...I don't want to send my laptop in and I don't want to lug around a USB keyboard from now on.

help

If it is under warranty they might send a tech out to replace it for you on site. Replacing a motherboard in a laptop is not the easiest thing to do. If you are really good taking things apart and putting them together then you might be able to do it yourself, but I wouldn't recommend it. I myself would not even replace a laptop mobo. Too much effort to get the whole thing apart and then inevitably there are extra screws leftover after things get put back together.

[Ulfie #5]

situation update in my initial post above...

[Rick91981]

I am thinking of resetting to factory settings.

It may come to that. Sometimes that is by far the easiest way to remove stubborn malware as opposed to arguing with it for days on end. If you have all your important files backed up and not many programs installed and are willing to just start over from the restore disc then that is one way to go. If you want to try and save it first, try running Spybot in safemode and report back.

If no improvements, you can try combofix, but it doesn't always play well with Vista. To run combofix, first make sure all important files are backed up as it can be an aggressive program. Download it and then close out of all open programs. Double click the combofix.exe icon on your desktop. A popup may come by showing acceptable locations to download the program from just click ok. Click yes to agree to the disclaimer. It will do some file backups and just be patient for a minute. It will prompt you about the recovery console not being installed. Click no, you do not need to install it. Then it will start running the program. Sit back and relax as this may take a while. Do not touch the machine while this is going. The machine will automatically reboot itself if it deems necessary. When it reboots still do not touch it until a log file pops up (unless you need to enter a password to log into windows. If so, enter the password and then leave it alone).

[Bavoo]

I am having the exact same problem guys! I don't think it's a malware problem, I think it's a Win Vista problem.

How else can you explain the 1000's of others having the exact same problem as well as the various programs reporting no infections?

I factory restored once before when Vista hosed me and it sucks ass having to restore everything you've ever installed.

Fuck You Microsoft

[Ulfie #5]

Thanks Rick. Your strategy will be my plan of attack. Right now I am playing with the Services in msconfig to see if any of them cause the issue. I am enabling half at a time and then looking for symptoms. If all is well I enable to other half, cutting in half each cycle. Will report back..


THANK YOU for your help !!!!!!!

[Ulfie #5]

I ran Combofix. Here is the log:

ComboFix 09-10-04.01 - Andy 10/05/2009 17:33.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.861 [GMT -4:00]
Running from: k:\andy's files\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3990554762-1353642550-3768045812-500
c:\program files\IEToolbar
c:\users\Andy\AppData\Roaming\inst.exe
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoViewer.exe
c:\windows\Installer\4a9749.msi
c:\windows\Installer\WMEncoder.msi

Infected copy of c:\windows\System32\drivers\nvstor32.sys was found and disinfected
Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 21:40 . 2009-10-05 21:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-10-05 21:40 . 2009-10-05 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-05 21:40 . 2009-10-05 21:40 -------- d-----w- c:\users\Andy\AppData\Local\temp
2009-10-05 19:30 . 2009-10-05 19:30 680 ----a-w- c:\users\Andy\AppData\Local\d3d9caps.dat
2009-10-05 03:18 . 2009-10-05 03:18 -------- d-----w- c:\users\Harriette\AppData\Roaming\SUPERAntiSpyware.com
2009-10-05 03:17 . 2009-10-05 03:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-05 03:00 . 2009-10-05 03:00 -------- d-----w- c:\program files\CCleaner
2009-10-05 02:56 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 02:56 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 02:34 . 2009-10-05 02:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-05 02:29 . 2009-10-05 02:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-05 02:29 . 2009-10-05 02:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-05 02:29 . 2009-10-05 02:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-05 02:29 . 2009-10-05 02:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 02:29 . 2009-10-05 16:15 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-05 01:46 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 00:19 . 2009-10-05 00:21 -------- d-----w- c:\windows\system32\catroot2(270)
2009-10-04 21:51 . 2009-10-04 22:01 -------- d-----w- C:\$AVG8.VAULT$
2009-10-04 21:33 . 2009-10-05 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-04 21:33 . 2009-10-04 21:33 -------- d-----w- c:\users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2009-10-04 20:58 . 2009-10-05 02:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 20:35 . 2009-10-04 20:35 11952 ----a-w- c:\windows\system32\avgrsstx(269).dll
2009-10-04 20:28 . 2009-10-04 20:28 -------- d-----w- c:\users\Andy\AppData\Roaming\AVG8
2009-10-04 12:30 . 2009-10-04 12:30 -------- d-----w- c:\users\Harriette\AppData\Roaming\Malwarebytes
2009-10-03 18:26 . 2009-10-03 18:26 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2009-09-30 00:01 . 2009-10-05 01:30 -------- d-----w- c:\program files\Ask.com
2009-09-30 00:01 . 2009-10-05 01:30 -------- d-----w- c:\program files\PFPortChecker
2009-09-27 19:04 . 2009-10-05 01:31 -------- d-----w- c:\users\Andy\AppData\Roaming\vlc
2009-09-27 17:58 . 2009-09-27 17:58 -------- d-----w- c:\program files\VideoLAN
2009-09-27 02:48 . 2009-09-27 02:48 -------- d-----w- c:\program files\Digiarty
2009-09-27 00:17 . 2009-09-27 03:02 -------- d-----w- c:\users\Harriette\AppData\Roaming\uTorrent
2009-09-22 23:10 . 2009-10-05 21:19 -------- d-----w- c:\users\Andy\Tracing
2009-09-16 12:23 . 2009-10-05 20:57 -------- d-----w- c:\users\Harriette\Tracing
2009-09-16 12:22 . 2009-09-16 12:22 -------- d-----w- c:\program files\Microsoft
2009-09-16 12:22 . 2009-09-16 12:22 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 12:22 . 2009-09-16 12:22 -------- d-----w- c:\program files\Windows Live
2009-09-13 00:06 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-13 00:06 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-13 00:06 . 2009-09-13 00:06 -------- d-----w- c:\program files\iPod
2009-09-13 00:03 . 2009-09-13 00:03 -------- d-----w- c:\program files\QuickTime
2009-09-12 03:43 . 2009-09-12 03:43 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 19:03 . 2009-01-09 01:40 -------- d-----w- c:\users\Andy\AppData\Roaming\uTorrent
2009-10-05 18:30 . 2007-10-23 05:52 84440 ----a-w- c:\users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-05 16:19 . 2007-10-29 01:14 -------- d-----w- c:\users\Harriette\AppData\Roaming\MSN6
2009-10-05 01:41 . 2007-12-11 03:24 -------- d-----w- c:\program files\PeerGuardian2
2009-10-05 01:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-05 01:30 . 2009-05-02 17:02 -------- d-----w- c:\program files\PHP
2009-10-05 01:30 . 2008-02-10 04:13 -------- d-----w- c:\program files\Netflix
2009-10-05 01:30 . 2007-10-25 01:17 -------- d-----w- c:\program files\Roxio
2009-10-05 01:30 . 2009-08-31 13:44 -------- d-----w- c:\program files\MyDVDTools
2009-10-05 01:30 . 2009-07-13 02:10 -------- d-----w- c:\program files\Bonjour
2009-10-05 01:30 . 2008-04-15 00:34 -------- d-----w- c:\program files\ImTOO
2009-10-05 01:30 . 2008-02-16 13:04 -------- d-----w- c:\program files\megui
2009-10-05 01:30 . 2007-10-27 17:51 -------- d-----w- c:\program files\LimeWire
2009-10-05 01:30 . 2007-10-27 00:52 -------- d-----w- c:\program files\Eastside Hockey Manager
2009-10-05 01:30 . 2008-12-27 03:57 -------- d-----w- c:\program files\AutoGK
2009-10-05 00:18 . 2009-10-05 00:18 -------- d--h--w- c:\users\Administrator\AppData\Roaming\GTek
2009-10-03 16:07 . 2007-10-27 17:52 -------- d-----w- c:\users\Andy\AppData\Roaming\LimeWire
2009-09-28 13:21 . 2008-11-15 12:40 -------- d-----w- c:\users\Harriette\AppData\Roaming\Move Networks
2009-09-22 02:38 . 2007-10-24 02:24 -------- d-----w- c:\users\Andy\AppData\Roaming\Apple Computer
2009-09-22 02:33 . 2009-05-02 19:13 -------- d-----w- c:\users\Harriette\AppData\Roaming\LimeWire
2009-09-15 23:58 . 2007-11-14 01:17 -------- d-----w- c:\users\Harriette\AppData\Roaming\Apple Computer
2009-09-13 14:40 . 2007-10-23 20:55 -------- d-----w- c:\users\Andy\AppData\Roaming\MSN6
2009-09-13 00:06 . 2008-11-25 19:32 -------- d-----w- c:\program files\iTunes
2009-09-13 00:06 . 2007-10-24 02:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-12 03:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 03:29 . 2008-02-16 01:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 16:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-05 16:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-05 16:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-05 16:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-05 16:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-05 16:53 . 2009-09-05 16:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-01 13:03 . 2009-02-21 01:07 84440 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-31 13:54 . 2007-10-23 22:11 84440 ----a-w- c:\users\Harriette\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-31 13:54 . 2009-08-31 13:54 -------- d-----w- c:\program files\avi.NET
2009-08-31 13:44 . 2009-08-31 13:44 1 ----a-w- c:\windows\system32\SysDVDtoMPeg.dat
2009-08-29 02:44 . 2009-08-29 02:44 -------- d-----w- c:\program files\Common Files\Remote Control Software Common
2009-08-29 02:44 . 2009-08-29 02:44 -------- d-----w- c:\program files\Logitech
2009-08-29 00:27 . 2009-09-02 23:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 23:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-14 16:27 . 2009-09-09 12:47 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 12:47 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 12:47 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 12:47 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 12:47 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 12:47 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 12:47 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 12:47 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 12:47 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 12:47 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 12:47 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 23:04 . 2009-08-13 00:21 -------- d-----w- c:\program files\CARCare
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-07-29 21:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 21:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 21:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 21:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-11 23:01 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-11 23:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-11 23:01 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-11 23:01 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-11 23:01 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 12:47 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 12:47 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 12:47 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 12:47 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 12:47 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-09 14:29 . 2009-07-09 14:29 103720 ----a-w- c:\users\Harriette\GoToAssistDownloadHelper.exe
2007-10-23 21:14 . 2007-10-23 21:14 32 --sha-w- c:\windows\{6D38D17B-4A43-4423-96A2-FF93B6833A5F}.dat
2006-05-03 10:06 . 2009-06-04 15:51 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-06-04 15:51 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-06-04 15:51 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-10-23 21:14 . 2007-10-23 21:14 32 --sha-w- c:\windows\System32\{FC390924-02D5-4D03-A57B-4726D89EB48E}.dat
2007-10-19 03:29 . 2007-10-19 03:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 21:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Dell DataSafe Scheduler"="c:\program files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 308464]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-24 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-24 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-24 8429568]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2007832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-15 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):6d,3a,62,18,4b,2e,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{29B24D81-112F-473A-8EBE-7D05E48F812B}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{DF67F39F-F4B6-4DFE-ACEA-A20EDD672488}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{91097CD1-1E51-4B7E-8B24-FFB30477A0CF}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B3637C88-5562-4BA0-BE2C-521D8EB0B732}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{F634D995-D08A-4138-A9F6-9980387CBB53}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{64030202-F034-4F29-BCAA-5D7CC07819CB}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{878266A6-8874-4CC7-9399-222A64F26427}c:\\users\\andy\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\andy\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{5776A8F9-3384-4E17-A389-11680BA9DBB5}c:\\users\\andy\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\andy\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{311F1BE7-42AA-4215-813B-A2EAE3DDE625}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{1427A126-0481-4404-B9A5-1EBA2274AA00}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{B3EFAE3D-6F45-4205-94B5-4D87B77F69A7}c:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{139EF927-C3C3-48A4-B0D5-B520BAF27228}c:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"{A8F53EDB-5D74-413D-97E1-AB84A03BCE09}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BC64B2A3-EDCC-4996-B98A-228C0A349660}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{EEA7D974-4827-4A00-AE3A-DC6B69E4F48C}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{4B702A09-9504-4CB3-9043-4B46836884C6}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{E8BBAF43-BA7D-4A2B-BDFB-E4D0684FB4A6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{40DCF2E2-2B92-46D6-88E0-B621840348F9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{99F6431A-59E0-41E2-AD0D-841B605539B0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{93552AE1-4E04-4504-9225-8B646123412C}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{2FE6EFE2-4FEF-41C3-9A24-C2B20443F2D9}c:\\program files\\bitpim\\bitpimw.exe"= UDP:c:\program files\bitpim\bitpimw.exe:Open Source Mobile Phone Tool
"UDP Query User{DAA10E33-B5F1-465D-83A3-637FDD9D3779}c:\\program files\\bitpim\\bitpimw.exe"= TCP:c:\program files\bitpim\bitpimw.exe:Open Source Mobile Phone Tool
"{83B0D1F3-BE47-4F25-9279-E868F49509F0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B32861D5-43B4-474B-BCE2-E60BDC866792}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{45A5D1EB-C05D-4492-AC70-0579DE0342A8}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{41E85C56-F7C9-49C8-BD0F-4B273DDF42D8}c:\\easywamp\\apache2\\bin\\apache.exe"= UDP:c:\easywamp\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{E24C01C0-2F3D-4ED9-972D-CB958200C001}c:\\easywamp\\apache2\\bin\\apache.exe"= TCP:c:\easywamp\apache2\bin\apache.exe:Apache HTTP Server
"{E88C4A36-9B9B-4E01-9145-B57DD14F4DEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C0ECBC7-A632-40E3-BC03-26CF9EC51B53}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{206836AA-B7FF-4DC2-A3E3-B13B2C7ECE5B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{ABA1BFB0-2ABC-4C22-81CE-387BCFE60F29}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{37048BD8-8F1C-4AF8-8442-4F0B0B34D35B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{53682534-8537-4E84-B499-A6ED6C59D445}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{1C74C2AD-2E70-4A2A-907A-1BC6073C865A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{83902DAB-1C7A-4101-AAFA-D5898F89E08B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{DA23A22D-67FD-4C8B-BA4D-3E2296AFB34B}"= UDP:51163:utorrent
"TCP Query User{2E06560A-CD9B-4DD4-8825-1FB81E5724E1}c:\\program files\\pfportchecker\\pfportchecker.exe"= UDP:c:\program files\pfportchecker\pfportchecker.exe:PFPortchecker by portforward.com helps check if your ports are properly forwarded.
"UDP Query User{0009DCEE-8E72-423E-9919-264307704C5F}c:\\program files\\pfportchecker\\pfportchecker.exe"= TCP:c:\program files\pfportchecker\pfportchecker.exe:PFPortchecker by portforward.com helps check if your ports are properly forwarded.
"{AA47F8BA-A26D-45F6-9DB5-77B71966F3D2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{06C3581D-1F4B-4833-A9B2-DAEE2850AAB9}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/4/2009 10:29 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/4/2009 10:29 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/4/2009 10:28 PM 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [10/4/2009 10:34 PM 1153368]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 23:56]

2009-10-05 c:\windows\Tasks\User_Feed_Synchronization-{68B48EDF-47A2-48CC-B00F-D1BE1FE55026}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1254492326&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SymTray - Norton SystemWorks - c:\program files\Common Files\Symantec Shared\Symtray.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
AddRemove-SantaGames.Net - c:\windows\SantaGames.Net
AddRemove-SantaGames.Net - c:\windows\SantaGames.Net



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 17:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-05 17:42
ComboFix-quarantined-files.txt 2009-10-05 21:42

Pre-Run: 45,258,469,376 bytes free
Post-Run: 44,983,230,464 bytes free

386 --- E O F --- 2009-10-05 01:46

[teddyc]

If it is under warranty they might send a tech out to replace it for you on site. Replacing a motherboard in a laptop is not the easiest thing to do. If you are really good taking things apart and putting them together then you might be able to do it yourself, but I wouldn't recommend it. I myself would not even replace a laptop mobo. Too much effort to get the whole thing apart and then inevitably there are extra screws leftover after things get put back together.

OK...I can't remember if this is under warranty, but thanks.

This reminds me of my 1980 Chevy Citation. A small piece of plastic is messing up my machine - at the time it was a little gear that pulled the clutch cable...argh!

[Ulfie #5]

Well it has now been an hour and all seems well. I am able to access control panel and task manager, switch between users, and open files and documents, all without any of the issues I've been having. It looks like combofix did the trick.

Bavoo, give it a shot.

Rick, you are a GENIUS!

[Rick91981]

Well it has now been an hour and all seems well. I am able to access control panel and task manager, switch between users, and open files and documents, all without any of the issues I've been having. It looks like combofix did the trick.

Bavoo, give it a shot.

Rick, you are a GENIUS!

Glad to help out. If it doesn't come back by itself within a few hours or days then you should be in the clear. If the problems persist, then I will need to direct you to another website where the guys specialize in spyware removal and will be able to clean it 100%. They are better than I am.

[Ulfie #5]

Glad to help out. If it doesn't come back by itself within a few hours or days then you should be in the clear. If the problems persist, then I will need to direct you to another website where the guys specialize in spyware removal and will be able to clean it 100%. They are better than I am.

I'll keep an eye out for symptoms....

In the meantime, I keep getting an error popup that says "Saupdate.exe has stopped working". Can you tell me what that is? Google search says it's from Big Brother. I have no idea what that is. When that window popped up my mouse started acting weird.

[Bavoo]

Here's the log...I can't make heads or tails of it...I don't think it found anything tho...rick?

ComboFix 09-10-04.01 - Joe 10/05/2009 19:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1972 [GMT -4:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 23:31 . 2009-10-05 23:31 -------- d-----w- c:\users\Joe\AppData\Local\temp
2009-10-05 23:31 . 2009-10-05 23:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-05 23:31 . 2009-10-05 23:31 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-10-05 23:31 . 2009-10-05 23:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-04 22:29 . 2009-10-04 22:29 -------- d-----w- c:\users\Joe\Office Genuine Advantage
2009-10-04 20:58 . 2009-10-04 20:58 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-29 20:27 . 2009-09-29 20:34 -------- d-----w- c:\users\Joe\AppData\Local\Canon Easy-PhotoPrint EX
2009-09-29 20:27 . 2009-09-29 20:27 -------- d--h--w- c:\programdata\CanonIJEPPEX
2009-09-29 20:00 . 2009-09-29 20:00 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2009-09-29 19:58 . 2009-09-29 19:58 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2009-09-29 19:58 . 2009-10-02 03:16 -------- d-----w- c:\programdata\CanonIJPLM
2009-09-29 19:51 . 2009-09-29 19:51 -------- d-----w- c:\program files\Common Files\CANON
2009-09-29 19:47 . 2009-09-29 19:47 -------- d--h--w- c:\programdata\CanonBJ
2009-09-29 19:46 . 2009-09-29 19:46 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-09-29 19:43 . 2008-04-01 05:00 230912 ----a-w- c:\windows\system32\CNMLM9H.DLL
2009-09-29 19:42 . 2008-04-07 14:58 98304 ----a-w- c:\windows\system32\CNC240I.DLL
2009-09-29 19:42 . 2008-03-10 13:59 270336 ----a-w- c:\windows\system32\CNC240L.DLL
2009-09-29 19:42 . 2007-03-15 14:12 188416 ----a-w- c:\windows\system32\CNC240O.DLL
2009-09-29 19:42 . 2008-04-07 14:58 1339392 ----a-w- c:\windows\system32\CNC240C.DLL
2009-09-29 19:42 . 2009-09-29 19:42 -------- d--h--w- c:\program files\CanonBJ
2009-09-29 19:40 . 2009-09-29 19:58 -------- d-----w- c:\program files\Canon
2009-09-27 16:19 . 2009-09-27 16:19 -------- d-----w- c:\program files\iPod
2009-09-27 16:19 . 2009-09-27 16:20 -------- d-----w- c:\program files\iTunes
2009-09-26 04:18 . 2009-09-26 04:18 -------- d-----w- c:\programdata\SpinTop Games
2009-09-22 03:07 . 2009-09-22 19:26 -------- d-----w- c:\users\Joe\AppData\Roaming\TrueCrypt
2009-09-22 03:05 . 2009-09-22 03:05 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-09-22 03:05 . 2009-09-22 03:05 -------- d-----w- c:\program files\TrueCrypt
2009-09-20 19:34 . 2009-09-20 19:34 -------- d-----w- c:\programdata\iWin
2009-09-20 19:32 . 2009-09-20 19:32 -------- d-----w- c:\windows\Zuma's Revenge
2009-09-20 19:13 . 2009-09-20 19:33 -------- d-----w- c:\program files\Popcap Game Collection
2009-09-20 03:10 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 03:10 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-20 03:09 . 2009-09-20 03:10 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 17:39 . 2009-09-19 17:40 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-09-12 16:16 . 2009-09-12 16:16 -------- d-----w- c:\users\Joe\AppData\Roaming\Leadertech
2009-09-12 16:11 . 2009-09-12 17:16 -------- d-----w- c:\program files\Common Files\Logishrd
2009-09-12 16:11 . 2009-09-12 17:17 -------- d-----w- c:\program files\Logitech
2009-09-09 01:06 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 01:05 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 01:05 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 01:05 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 01:05 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 01:05 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 01:05 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 01:05 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 01:05 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 01:05 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 01:05 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 01:05 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 01:03 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 01:03 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 01:03 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 01:03 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 01:03 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 22:03 . 2008-11-18 08:33 -------- d-----w- c:\users\Joe\AppData\Roaming\vlc
2009-10-05 22:03 . 2008-11-15 15:19 -------- d-----w- c:\users\Joe\AppData\Roaming\BitTorrent
2009-10-05 22:03 . 2009-05-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 16:19 . 2008-11-15 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 21:45 . 2009-06-25 14:09 -------- d-----w- c:\programdata\PopCap Games
2009-09-20 19:13 . 2008-03-31 17:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-20 03:12 . 2008-11-15 06:10 -------- d-----w- c:\users\Joe\AppData\Roaming\Apple Computer
2009-09-20 03:07 . 2008-11-23 04:40 -------- d-----w- c:\program files\QuickTime
2009-09-13 02:38 . 2009-06-14 11:31 -------- d-----w- c:\program files\Windows Live
2009-09-12 17:16 . 2009-05-23 03:03 -------- d-----w- c:\programdata\LogiShrd
2009-09-09 22:40 . 2008-11-22 08:08 -------- d-----w- c:\users\Joe\AppData\Roaming\Vso
2009-09-09 15:19 . 2008-12-17 21:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 14:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 14:34 . 2008-11-15 05:16 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 12:28 . 2009-01-11 02:50 680 ----a-w- c:\users\Joe\AppData\Local\d3d9caps.dat
2009-08-31 21:57 . 2009-08-31 21:50 -------- d-----w- c:\programdata\Roxio
2009-08-31 21:50 . 2009-08-31 21:50 -------- d-----w- c:\users\Joe\AppData\Roaming\Roxio
2009-08-30 01:23 . 2009-05-23 02:02 -------- d-----w- c:\users\Joe\AppData\Roaming\Skype
2009-08-29 20:02 . 2009-05-23 02:03 -------- d-----w- c:\users\Joe\AppData\Roaming\skypePM
2009-08-29 00:27 . 2009-09-02 21:51 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:51 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 21:38 . 2009-08-26 21:38 -------- d-----r- c:\program files\Skype
2009-08-26 21:38 . 2009-08-26 21:38 -------- d-----w- c:\program files\Common Files\Skype
2009-08-26 21:38 . 2009-05-23 02:01 -------- d-----w- c:\programdata\Skype
2009-08-20 20:48 . 2008-11-15 04:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-20 20:48 . 2008-11-15 04:39 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-20 20:48 . 2008-11-15 04:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-20 20:48 . 2008-11-15 04:39 -------- d-----w- c:\program files\Symantec
2009-08-18 19:11 . 2008-12-19 13:23 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-18 17:42 . 2009-04-06 00:53 -------- d-----w- c:\users\Joe\AppData\Roaming\Winamp
2009-08-18 17:30 . 2009-04-06 00:53 -------- d-----w- c:\program files\Winamp
2009-08-18 05:05 . 2009-08-18 05:03 -------- d-----w- c:\programdata\RapidSolution
2009-08-18 05:05 . 2009-08-18 05:05 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-08-18 05:03 . 2009-08-18 05:03 -------- d-----w- c:\program files\RapidSolution
2009-08-11 03:37 . 2008-12-25 03:11 -------- d-----w- c:\users\Joe\AppData\Roaming\dvdcss
2009-08-09 03:03 . 2009-08-09 03:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-09 03:02 . 2009-08-09 03:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-09 03:02 . 2009-08-09 03:02 -------- d-----w- c:\users\Joe\AppData\Roaming\SUPERAntiSpyware.com
2009-08-09 03:01 . 2009-08-09 03:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 21:52 . 2009-07-29 13:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 20:31 . 2008-11-15 03:44 109264 ----a-w- c:\users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-17 13:54 . 2009-08-12 19:33 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 19:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 19:33 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 19:33 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 19:33 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-03-25 23:53 . 2008-11-18 07:58 88 --sha-r- c:\windows\System32\AC1A163C6A.sys
2009-03-25 23:53 . 2008-11-18 07:58 6890 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-04-23 801904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-23 4718592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.lnk
backup=c:\windows\pss\AOLDDI.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):93,14,5a,5f,cf,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C292993C-76F7-4D8E-83C5-91FE260DF3E0}"= UDP:c:\program files\AOL\RC\regclient.exe:AOL
"{90D54980-BB06-4151-A79B-7B55726523AD}"= TCP:c:\program files\AOL\RC\regclient.exe:AOL
"{461C016A-AC02-4058-A23C-9A374404B944}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{C11C1BA7-F4A6-493E-9BB3-35BC063858AB}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{387A00C5-871D-4881-9136-C5E0C5CCE02D}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{6D38E3C0-0A26-4C1C-89AE-9650F5729350}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{C8CAE08B-460F-4681-BB63-488EE21FC133}"= UDP:c:\program files\Common Files\aol\1226726899\ee\aolsoftware.exe:AOL Shared Components
"{EA625F02-5C25-458C-A957-CAEA8AB51816}"= TCP:c:\program files\Common Files\aol\1226726899\ee\aolsoftware.exe:AOL Shared Components
"{E7C6AC30-41F6-4C32-B427-EF6240306068}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{A4C75491-F330-48AD-BC8A-65FBB6D28789}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{6FB783C3-3D5F-40FB-8FF9-20776077BC62}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{E69184DE-B636-4BA5-BBF1-07C859AADB52}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{2D79EFAC-A81C-4A31-B432-01B93E81B4B0}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{6D78BD67-8386-40D6-8B9E-FE53D93EA16E}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{0E9F105A-FE10-4BA4-8F46-251F605A9318}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E0C1D5D0-5FAB-4D13-920A-8E34FBDE4CA6}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{DEDEF1EA-E100-4278-8337-85CBD81EDC1A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A57A04BB-D140-4F5A-9706-4B484BF556B9}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{6A797300-9482-4F60-81E1-8F09D9F6BB5D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6B42A0BA-6FC1-44AF-8730-E6A2CBBCE2EA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D774EDF-947F-4526-B657-ECA939BC178C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D0F73C10-7A5A-4279-84D1-18134E53038D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BED34E16-40B6-433C-A146-EBD4E9CC8052}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{55868DD0-6111-4759-A1D2-3A83D8FD06BA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D7C9113C-7428-410A-A5BF-37C922B9B76B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{369F7486-57F7-4F09-9B67-4BEF00F8F0A5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E8D50B50-9BC5-4610-891B-D79F2337CFA1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7879E625-C182-4F75-9F9B-E1FF6A2E8BFD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A7B7F45D-E1E2-4586-9E44-C59DB80EC6C2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{29F31F84-09F9-48F9-AA9E-FD0EC8E43767}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FCC295CA-9B46-4379-B006-1076ECE21AEC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [9/8/2009 9:12 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 9:12 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [9/8/2009 9:11 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys [9/16/2009 6:26 PM 342576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 2:17 PM 439616]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/8/2009 9:11 PM 117640]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/18/2007 12:09 AM 11032]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [3/31/2008 1:15 PM 9344]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [9/8/2009 9:12 PM 48688]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [3/31/2008 1:13 PM 812544]
S2 gupdate1c9ff3bfa6d24e0;Google Update Service (gupdate1c9ff3bfa6d24e0);c:\program files\Google\Update\GoogleUpdate.exe [7/7/2009 3:49 PM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [4/5/2009 10:07 PM 84832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [11/15/2008 1:27 AM 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [11/15/2008 1:27 AM 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [11/15/2008 1:27 AM 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [3/31/2008 2:12 PM 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [3/31/2008 2:13 PM 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 19:48]

2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:48]

2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:48]

2009-10-05 c:\windows\Tasks\User_Feed_Synchronization-{9C22F8B6-2305-46F2-8B7F-FF0F232108D6}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 19:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-05 19:34
ComboFix-quarantined-files.txt 2009-10-05 23:34
ComboFix2.txt 2009-10-05 23:12

Pre-Run: 138,665,611,264 bytes free
Post-Run: 138,618,789,888 bytes free

276 --- E O F --- 2009-09-22 07:00

[Rick91981]

I'll keep an eye out for symptoms....

In the meantime, I keep getting an error popup that says "Saupdate.exe has stopped working". Can you tell me what that is? Google search says it's from Big Brother. I have no idea what that is. When that window popped up my mouse started acting weird.

That file is part of a system monitor for ATT/Quest internet connections.

[Rick91981]

Here's the log...I can't make heads or tails of it...I don't think it found anything tho...rick?

I don't see anything that blatantly stands out as bad. Just to be safe, have you also updated and ran superantispyware and malwarebytes?


Truecrypt huh? Got something to hide?

[Bavoo]

malwarebytes has been updated and run...I will run superantisspyware when I get home.

I use Truecrypt for my writing. I'm really insecure and don't want anyone seeing it...

[Rick91981]

malwarebytes has been updated and run...I will run superantisspyware when I get home.

Let me know how the scan goes.

I use Truecrypt for my writing. I'm really insecure and don't want anyone seeing it...

If you REALLY want to hide files, create a Hidden volume

[Bavoo]

Truecrypt does that, actually. You have to mount the drive before you can access what is on it. You cannot mount the drive without the password.

kinda cool, actually

[Rick91981]

Truecrypt does that, actually. You have to mount the drive before you can access what is on it. You cannot mount the drive without the password.

kinda cool, actually

Yeah you create the hidden volume using truecrypt. It creates a hidden volume inside of a standard trucrypt volume. Basically the encrypted volume can act as a decoy with your porn important files buried within that volume with absolutely no way of anyone ever finding them. They can find the truecrypt volume, but not the hidden volume within that volume. Yeah, it sounds a bit confusing, but its pretty cool.

[Bavoo]

Rick, I ran SuperAntiSpyware with just 9 cookies found. I don't get this...

Any other idea?

I have Daemon tools on this PC, can I make a disc image so I don't make myself crazy reinstalling? Can you help me with this?

Or do you have any other ideas before I restore?

BTW, the laptop runs fine in safe mode (thats how I am posting this).

TIA
Joe

[Rick91981]

Rick, I ran SuperAntiSpyware with just 9 cookies found. I don't get this...

Any other idea?

I have Daemon tools on this PC, can I make a disc image so I don't make myself crazy reinstalling? Can you help me with this?

Or do you have any other ideas before I restore?

BTW, the laptop runs fine in safe mode (thats how I am posting this).

TIA
Joe

Daemon tools wont do anything as far as making an image of the pc. However, Vista has a built in utility to make a system image. This is a good writeup on how to use it. It is fairly straight forward. After you restore and put all your programs back on and have everything 100% the way you want it, then run the backup. Saving to an external drive used just for this sole purpose is the easiest way, but you can also backup to some DVDs if necessary.

[Sed]

Rick,

Not sure if you can help me here, but here goes nothing:

My PC's been running pretty choppy - especially video. If I open my task manager, I can see that my CPU usage keeps cycling up toward 100%. I've deleted a ton of crap, I've defragged, I've run virus scans and malware scans to no avail.

Since you usually end up telling people to get HijackThis and upload the log, I've done so here:

 Sedhijackthislogoct7.txt ( 28.84k ) Number of downloads: 43


Any suggestions? Thanks in advance!

[Rick91981]

Rick,

Not sure if you can help me here, but here goes nothing:

My PC's been running pretty choppy - especially video. If I open my task manager, I can see that my CPU usage keeps cycling up toward 100%. I've deleted a ton of crap, I've defragged, I've run virus scans and malware scans to no avail.

Since you usually end up telling people to get HijackThis and upload the log, I've done so here:

 Sedhijackthislogoct7.txt ( 28.84k ) Number of downloads: 43


Any suggestions? Thanks in advance!

Sed: Log looks fine, nothing malicious that I see. However, just to clean things up a bit, re-run HijackThis and put a check next to the following entries and then click the fix button.



O2 - BHO: (no name) - rsion - (no file)
O23 - Service: McAfee Application Installer Cleanup (0086641254137186) (0086641254137186mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP�8664~1.EXE (file missing)
O23 - Service: PCCare Premium - Unknown owner - C:\Program Files\PCCare\Client\srvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)


Seems to me that it might be slow because you are running a ton of things at once. Remove programs from startup that you do not need running. Click on Start and then Run and type in msconfig and press enter. In the window that pops up, click on the startup tab. Go through the list and uncheck anything that you do not need to have running at bootup. If you are unsure what something is, google it. If you still aren't sure then leave it checked. Feel free to be aggressive with unchecking items. You cannot break the machine by unchecking items on the startup tab. However, if you uncheck something it may cause issues with individual programs. If that happens, just go back into msconfig and re-check the item that relates to the program that stopped functioning. Once you are done unchecking, click ok. It will prompt you to reboot. You may do so now or wait until later. The changes will take effect at reboot. When Windows starts, it will come up with a window saying you are running in diagnostic mode or something along those lines. At the bottom of that window will be a checkbox saying don't show me this again. Check it and then click ok.

I also see traces of both McAfee and Symantec. You aren't trying to run both are you? If so, that is a big no no and can certainly cause slowdowns. Pick one, and remove the other. I do like that you are running Mozy though. Always important to backup files!

[Sed]

Thanks! Ha - we just started running Mozy a few days ago, to back up the several gigs of pictures and movies of the kids among other things. It's nice to regain space on the HD.

[Rick91981]

It's nice to regain space on the HD.

Once you back it up to Mozy, I hope you don't mean you are deleting it off your drive then? Mozy will only store files for 30 days. If you want to save harddrive space and offload them to somewhere else, then get some webspace or something to save it to(and burn DVDs as a secondary backup). Unless you mean you are saving space on a backup drive and still have the files on your main drive. Then that is ok.

[Sed]

Once you back it up to Mozy, I hope you don't mean you are deleting it off your drive then? Mozy will only store files for 30 days. If you want to save harddrive space and offload them to somewhere else, then get some webspace or something to save it to(and burn DVDs as a secondary backup). Unless you mean you are saving space on a backup drive and still have the files on your main drive. Then that is ok.

Huh - my wife got the pay version of Mozy, which is supposedly unlimited storage for as long as we pay.

It's OK, we've got the stuff backed to an external drive (and eventually DVD).

[Rick91981]

Huh - my wife got the pay version of Mozy, which is supposedly unlimited storage for as long as we pay.

It's OK, we've got the stuff backed to an external drive (and eventually DVD).

It's unlimited backup space, not storage space. There is a big difference. It keeps a backup for 30 days. After that it will remove the file. If a file is on your machine when the backup runs, it will reset the 30 day counter. If the file is gone, you need to restore it before the 30 days are up of it will be gone forever. That is kind of simplifying things to get the point across, but that is essentially what happens.

[Bavoo]

Daemon tools wont do anything as far as making an image of the pc. However, Vista has a built in utility to make a system image. This is a good writeup on how to use it. It is fairly straight forward. After you restore and put all your programs back on and have everything 100% the way you want it, then run the backup. Saving to an external drive used just for this sole purpose is the easiest way, but you can also backup to some DVDs if necessary.

Damn, I'm running home premium....other options?

TIA as always
JOe

[Sed]

FYI: In the end, I think that it might be my external drive that was causing the issue - I disconnected it, and the CPU usage is waaaaay down.

Also removed a bunch of crap from startup.