Jump to content

Constant and random crashes


Recommended Posts

On Saturday night I came home and my computer was turned off(odd since I always leave it on).

I try to turn it on and have problems powering on because it constantly reboots.

The computer stays on long enough so I can run Malwarebytes and removes

Hijack.ControlPanelStyle. I run Malwarebytes a couple times and it detects Hijack.ControlPanelStyle

AVG also says no viruses. I'm not sure what is going on.

Today it scanned as clean in Malwarebytes, but it will still crashes frequently and randomly.

I'll post the Malwarebytes logs from both Saturday night and today:

TODAY:

Malwarebytes' Anti-Malware 1.36

Database version: 2051

Windows 5.1.2600 Service Pack 2

4/27/2009 10:29:44 PM

mbam-log-2009-04-27 (22-29-44).txt

Scan type: Full Scan (C:\|)

Objects scanned: 215408

Time elapsed: 55 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

SATURDAY

Malwarebytes' Anti-Malware 1.36

Database version: 2043

Windows 5.1.2600 Service Pack 2

4/26/2009 8:20:41 AM

mbam-log-2009-04-26 (08-20-41).txt

Scan type: Quick Scan

Objects scanned: 72749

Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:31:48 PM, on 4/27/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\LClock\LClock.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile

O4 - HKUS\S-1-5-19\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214283411437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214283371718

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6239 bytes

I will post a RootRepeal and DDS file in the coming replies...

Link to post
Share on other sites

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/04/27 22:34

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: 00000051

Image Path: \Driver\00000051

Address: 0x00000000 Size: 0 File Visible: No

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB6450000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA604000 Size: 8192 File Visible: No

Status: -

Name: giveio.sys

Image Path: giveio.sys

Address: 0xBA671000 Size: 1664 File Visible: No

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB6198000 Size: 45056 File Visible: No

Status: -

Name: speedfan.sys

Image Path: speedfan.sys

Address: 0xBA5AE000 Size: 5248 File Visible: No

Status: -

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-2E0A134A.pf

Status: Size mismatch (API: 12880, Raw: 12856)

Path: C:\Documents and Settings\Administrator\Local Settings\Temp\etilqs_W9oppJRwxJpPQ3zfrnGa

Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\Administrator\My Documents\My Music\iTunes\iTunes Music\LivE From Vspishka 13 at SKK Arena in St. Petersburg, Russia - Paul Van Dyk (2008-09-06)\LivE From Vspishka 13 at SKK Arena in St. Petersburg, Russia - Paul Van Dyk (2008-09-06).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\HYG8KJ1X.LL3\A3C2YJLW.Z4X\manifests\StarPlayr.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\HYG8KJ1X.LL3\A3C2YJLW.Z4X\manifests\StarPlayr.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\HYG8KJ1X.LL3\A3C2YJLW.Z4X\manifests\StarPlayr.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\HYG8KJ1X.LL3\A3C2YJLW.Z4X\manifests\StarPlayr.exe.manifest

Status: Locked to the Windows API!

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "sptd.sys" at address 0xb9edcb3a

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "sptd.sys" at address 0xb9edcc7e

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "sptd.sys" at address 0xb9edcff6

#: 119 Function Name: NtOpenKey

Status: Hooked by "sptd.sys" at address 0xb9edca18

#: 160 Function Name: NtQueryKey

Status: Hooked by "sptd.sys" at address 0xb9edd0c0

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "sptd.sys" at address 0xb9edcf58

#: 247 Function Name: NtSetValueKey

Status: Hooked by "sptd.sys" at address 0xb9edd148

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x89e11940 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]

Process: System Address: 0x88d13eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]

Process: System Address: 0x89c34eb0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x89bf56a8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]

Process: System Address: 0x89e11bf8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

Process: System Address: 0x89e110e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x89e124d0 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x88fbe238 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x88fbe238 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x88fbe238 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x88fbe238 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x88fbe238 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x88fbe238 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]

Process: System Address: 0x88fbfa40 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x885b0958 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_CREATE]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_CLOSE]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_READ]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_WRITE]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_CLEANUP]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: FDC#GENE, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8907ebb8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_CREATE]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_CLOSE]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_READ]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_WRITE]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_CLEANUP]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Msfsȅఆ剒敬頀, IRP_MJ_SET_SECURITY]

Process: System Address: 0x890a00e8 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_CLOSE]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_READ]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_CLEANUP]

Process: System Address: 0x89bcf988 Size: -

Object: Hidden Code [Driver: Hard, IRP_MJ_PNP]

Process: System Address: 0x89bcf988 Size: -

Link to post
Share on other sites

DDS (Ver_09-03-16.01) - NTFSx86

Run by Administrator at 22:53:16.68 on Mon 04/27/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1352 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\LClock\LClock.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD2.EXE

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie_rsearch.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie_rsearch.html

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe

uRun: [Aim6]

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [LClock] c:\program files\lclock\LClock.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe

dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214283411437

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214283371718

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - c:\program files\schmap\schmap player\Schmapdoclib.dll

Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\u8wtir9p.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\u8wtir9p.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-20 325640]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-20 27656]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-20 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-20 298264]

S3 RTLWUSB;Realtek RTL8187 Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\RTL8187.sys [2008-6-23 108288]

============== File Associations ===============

inffile=c:\windows\system32\NOTEPAD2.EXE %1

inifile=c:\windows\system32\NOTEPAD2.EXE %1

txtfile=c:\windows\system32\NOTEPAD2.EXE %1

=============== Created Last 30 ================

2009-04-27 21:27 <DIR> --d----- c:\windows\pss

2009-04-26 13:26 <DIR> --d----- c:\program files\Trend Micro

2009-04-13 19:46 <DIR> --d----- c:\program files\pidgin-otr

2009-03-30 12:53 <DIR> --d-h--- C:\$AVG8.VAULT$

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-30 09:06 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-03-22 11:04 20,992 a------- c:\windows\jestertb.dll

2009-03-20 21:13 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-03-20 21:13 325,640 a------- c:\windows\system32\drivers\avgldx86.sys

2009-03-10 13:07 4,212 a---h--- c:\windows\system32\zllictbl.dat

============= FINISH: 22:53:25.12 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/23/2008 9:04:34 PM

System Uptime: 4/27/2009 9:30:45 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | LGA 775 | 2400/266mhz

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | LGA 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 596 GiB total, 38.932 GiB free.

D: is CDROM ()

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8187 Wireless USB 2.0 Adapter

Device ID: USB\VID_0BDA&PID_8187\0015AF04C249

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8187 Wireless USB 2.0 Adapter

PNP Device ID: USB\VID_0BDA&PID_8187\0015AF04C249

Service: RTLWUSB

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: PCI Device

Device ID: PCI\VEN_8086&DEV_284B&SUBSYS_81EC1043&REV_02\3&11583659&0&D8

Manufacturer:

Name: PCI Device

PNP Device ID: PCI\VEN_8086&DEV_284B&SUBSYS_81EC1043&REV_02\3&11583659&0&D8

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_43401148&REV_12\4&24CAFEBD&0&00E5

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_43401148&REV_12\4&24CAFEBD&0&00E5

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EC1043&REV_02\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EC1043&REV_02\3&11583659&0&FB

Service:

==== System Restore Points ===================

RP1: 4/26/2009 8:43:26 PM - System Checkpoint

==== Installed Programs ======================

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.