
SAS question


bru


The forum for SAS hasn't been able to help me so I thought I'd ask here since this site led me to install SAS.

I have the free edition and have noticed two issues. For some reason I cannot get the update reminder (either definition or program) to work. I'm sure I have everything checked correctly under preferences and updates in the main screen. What is interesting is that I have the exact same program at work and it gives me update reminders just fine. Everything between the two in terms of preferences/settings is the same. I did an uninstall and reinstall and that didn't help.

The other thing I've noticed is a little more concerning. When I did my first few scans (I've had the program maybe a month), after I quarantined what it found it said something like you must restart in order to complete the cleaning. After running a few more scans that prompt no longer came up. It would just quarantine. After I did the reinstall to try to correct the update reminder issue it again had the restart prompt. But now again it is gone. FWIW the program at work does ask me to restart. By not restarting is it really not cleaning out what it finds?

Any thoughts on these two issues? Knowing that the program is behaving differently than the one I have at work leads me to believe there is something wrong somewhere.


I just ran the program at work and it did indeed show the update reminder so why mine at home doesn't is puzzling. I ran a scan and all it found was tracking cookies, it quarantined them and then it was finished. It did not tell me to restart. I know I've seen it tell me to restart both at work and at home. Does it have to do with what it finds?


  • Root Admin

Please run the following and we'll take a look.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt

  1. Download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop
  2. Double-click VEW.exe
  3. Under 'Select log to query', select:
    • Application
    • System
  4. Under 'Select type to list', select:
    • Error
  5. Click the radio button for 'Number of events'
  6. Type 10 in the 1 to 20 box
  7. Then click the Run button.
  8. Notepad will open with the output log.

Please post the Output log in your next reply

RootRepeal - Rootkit Detector

Close ALL applications and as many items in the task tray that will stop and exit.

  • Please download the following tool: RootRepeal - Rootkit Detector

  • Direct download link is here: RootRepeal.rar

  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR

  • Extract the program file to a new folder such as C:\RootRepeal

  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button

  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

  • When done, click on Save Report

  • Save it to the same location where you ran it from, such as C:\RootRepeal

  • Save it as your_name_rootrepeal.txt - where your_name is your forum name

  • This makes it easier to track who the log belongs to.

  • Then open that log and select all and copy/paste it back on your next reply please.

  • Quit the RootRepeal program.

Link to post
Share on other sites

I should mention that I can get SAS updates just fine. I click on check for updates and they download and install fine. It's the fact that I don't get the update reminder when I start the program that has me puzzled.

I'll run the DDS scan if you think that might tell you something. I really think it's a bug with the program somewhere but as mentioned I reinstalled and that didn't fix it. I guess I did not do a complete uninstall; what I did saves the logs, quarantined items and a few other things I think. Maybe I should try that?


I guess I could wait two weeks to see but I tend to update sooner than that. I updated SAS at work today; I'll open it tomorrow and see what happens.

Interestingly I was not able to run RootRepeal. I double click on RootRepeal.exe and it says "initializing,please wait" and then it hangs. It always concerns me when a tool doesn't run. It seems like it usually means you have something bad which is preventing the tool from running.

Here are the other logs. Please advise next steps.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Bruce at 18:37:13.37 on Thu 09/09/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.917 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Bruce\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

StartupFolder: c:\docume~1\bruce\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: chase.com

Trusted Zone: chase.com\*.chaseonline

Trusted Zone: chase.com\chaseonline

Trusted Zone: chase.com\www

Trusted Zone: fidelity.com\guidance

Trusted Zone: fidelity.com\www

Trusted Zone: gailborden.info\innovative

Trusted Zone: gailborden.info\search

Trusted Zone: gailborden.info\www

Trusted Zone: speedway.com

Trusted Zone: vanguard.com

Trusted Zone: yahoo.com

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe

DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213825210359

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.8758449074

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\windows\system32\srrstr.

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\ncaq0swn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\bruce\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprpjplug.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: XULRunner: {2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} - c:\documents and settings\bruce\local settings\application data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60}

FF - HiddenExtension: XULRunner: {555DD3E3-4087-4762-BF85-5733FE9A3DD9} - c:\documents and settings\ellen\local settings\application data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-2 95024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 297752]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-8-11 86098]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-09-09 23:27:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-09 23:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-09-09 23:24:56 0 d-----w- c:\program files\Hitman Pro 3.5

2010-09-04 02:23:25 0 d-----w- c:\program files\SpywareBlaster

2010-09-04 01:55:30 0 d-----w- c:\docume~1\bruce\applic~1\Auslogics

2010-09-04 01:55:25 0 d-----w- c:\program files\Auslogics

2010-08-25 01:24:55 0 d-----w- c:\windows\system32\wbem\Repository

2010-08-25 01:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-08-20 00:16:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-08-20 00:16:29 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-08-20 00:16:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-08-20 00:16:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-08-20 00:16:29 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-08-20 00:16:27 0 d-----w- c:\program files\Trojan Remover

2010-08-20 00:16:27 0 d-----w- c:\docume~1\bruce\applic~1\Simply Super Software

2010-08-20 00:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2010-08-17 09:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-17 08:58:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Yahoo! Companion(3)

2010-08-15 22:09:44 0 d-----w- c:\program files\CPUID

2010-08-15 22:05:28 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

2010-08-15 01:23:40 0 d-----w- c:\docume~1\bruce\applic~1\SUPERAntiSpyware.com

2010-08-15 01:23:27 0 d-----w- c:\program files\SUPERAntiSpyware

2010-08-12 11:54:48 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-12 11:54:48 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-12 11:54:48 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-12 11:54:48 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-12 11:54:48 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-12 11:54:47 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-12 11:54:47 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-12 01:03:27 0 d-----w- c:\program files\ESET

2010-08-11 02:48:02 423656 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-08-06 02:52:28 87608 ----a-w- c:\docume~1\bruce\applic~1\inst.exe

2010-08-06 02:52:28 47360 ----a-w- c:\docume~1\bruce\applic~1\pcouffin.sys

2010-08-05 23:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-31 22:06:03 33400 ----a-w- c:\docume~1\bruce\applic~1\GDIPFONTCACHEV1.DAT

2010-07-31 00:29:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-21 08:40:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll

2010-07-21 08:40:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 00:32:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2004-08-24 23:43:34 2609631 ----a-w- c:\program files\aawsepersonal.exe

============= FINISH: 18:38:10.65 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/11/2004 6:06:12 PM

System Uptime: 9/7/2010 9:25:19 PM (45 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 143 GiB total, 40.523 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 149 GiB total, 55.093 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP4: 7/31/2010 12:03:19 PM - System Checkpoint

RP5: 7/31/2010 12:03:42 PM - CLEAN

RP6: 7/31/2010 12:04:14 PM - Support.com Service Complete

RP7: 8/1/2010 11:07:33 AM - Installed ClearType Tuning Control Panel Applet

RP8: 8/2/2010 5:22:30 AM - Restore Operation

RP9: 8/2/2010 5:59:56 AM - clean

RP10: 8/2/2010 9:00:59 PM - Installed %1 %2.

RP11: 8/2/2010 9:15:04 PM - Software Distribution Service 3.0

RP12: 8/2/2010 9:23:00 PM - Installed Windows KB954550-v5.

RP13: 8/2/2010 9:23:14 PM - Printer Driver Microsoft XPS Document Writer Installed

RP14: 8/2/2010 9:23:40 PM - Printer Driver Microsoft XPS Document Writer Installed

RP15: 8/2/2010 9:32:37 PM - Software Distribution Service 3.0

RP16: 8/3/2010 6:18:05 AM - Installed Windows Internet Explorer 8.

RP17: 8/3/2010 6:19:31 AM - Software Distribution Service 3.0

RP18: 8/3/2010 6:50:30 AM - Software Distribution Service 3.0

RP19: 8/3/2010 7:37:15 PM - Installed ClearType Tuning Control Panel Applet

RP20: 8/3/2010 9:01:11 PM - Restore Operation

RP21: 8/3/2010 9:44:25 PM - Software Distribution Service 3.0

RP22: 8/5/2010 8:45:12 AM - System Checkpoint

RP23: 8/5/2010 5:39:45 PM - 8/5

RP24: 8/5/2010 5:40:41 PM - Restore Operation

RP25: 8/5/2010 7:59:31 PM - Software Distribution Service 3.0

RP26: 8/6/2010 6:05:00 PM - driver

RP27: 8/7/2010 8:44:12 PM - System Checkpoint

RP28: 8/7/2010 11:10:18 PM - Installed Driver Whiz.

RP29: 8/7/2010 11:23:57 PM - Removed Driver Whiz.

RP30: 8/9/2010 9:25:55 PM - System Checkpoint

RP31: 8/10/2010 9:47:27 PM - Installed Java 6 Update 20

RP32: 8/10/2010 10:00:17 PM - Installed Java 6 Update 21

RP33: 8/10/2010 10:08:56 PM - Removed Java 6 Update 3

RP34: 8/10/2010 10:26:31 PM - Software Distribution Service 3.0

RP35: 8/12/2010 6:50:04 AM - Software Distribution Service 3.0

RP36: 8/12/2010 6:29:46 PM - Software Distribution Service 3.0

RP37: 8/13/2010 10:02:50 PM - System Checkpoint

RP38: 8/15/2010 8:31:49 AM - System Checkpoint

RP39: 8/16/2010 10:48:52 AM - System Checkpoint

RP40: 8/16/2010 9:20:08 PM - Avg8 Update

RP41: 8/16/2010 9:26:14 PM - Removed Google Earth.

RP42: 8/16/2010 9:27:13 PM - Installed Google Earth.

RP43: 8/17/2010 3:57:21 AM - Restore Operation

RP44: 8/17/2010 4:07:18 AM - Restore Operation

RP45: 8/18/2010 7:40:15 AM - System Checkpoint

RP46: 8/19/2010 7:44:52 AM - System Checkpoint

RP47: 8/20/2010 8:32:51 AM - System Checkpoint

RP48: 8/21/2010 2:01:20 PM - System Checkpoint

RP49: 8/21/2010 6:51:26 PM - Restore Operation

RP50: 8/21/2010 11:01:21 PM - good

RP51: 8/23/2010 7:32:59 AM - System Checkpoint

RP52: 8/23/2010 9:37:26 PM - Installed ClearType Tuning Control Panel Applet

RP53: 8/23/2010 10:14:23 PM - good

RP54: 8/24/2010 6:46:43 AM - Configured AVG Free 8.5

RP55: 8/24/2010 8:21:47 PM - again

RP56: 8/24/2010 8:22:08 PM - Restore Operation

RP57: 8/25/2010 11:54:25 PM - System Checkpoint

RP58: 8/27/2010 7:38:23 AM - System Checkpoint

RP59: 8/28/2010 11:10:16 AM - System Checkpoint

RP60: 8/29/2010 2:03:27 PM - System Checkpoint

RP61: 8/30/2010 3:07:13 PM - System Checkpoint

RP62: 8/31/2010 3:30:21 PM - System Checkpoint

RP63: 9/1/2010 4:16:42 PM - System Checkpoint

RP64: 9/2/2010 4:56:06 PM - System Checkpoint

RP65: 9/3/2010 7:08:23 PM - System Checkpoint

RP66: 9/4/2010 7:43:16 AM - Revo Uninstaller's restore point - URGE

RP67: 9/4/2010 7:43:39 AM - Removed URGE

RP68: 9/7/2010 7:21:02 AM - System Checkpoint

RP69: 9/8/2010 9:39:49 AM - System Checkpoint

RP70: 9/8/2010 7:55:47 PM - Avg8 Update

==== Installed Programs ======================

Acrobat.com

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Adobe SVG Viewer 3.0

Agere Systems AC'97 Modem

Apple Mobile Device Support

Apple Software Update

Atari: The 80 Classic Games

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Auslogics Disk Defrag

AVG Free 8.5

Bonjour

Canon i350

CCleaner

Click to DVD 2.0 Menu Data

Click to DVD 2.0.02

CPUID CPU-Z 1.55

Critical Update for Windows Media Player 11 (KB959772)

Defraggler

Drag'n Drop CD+DVD

DVgate Plus

ERUNT 1.1j

ESET Online Scanner v3

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

InterVideo WinDVD 5 for VAIO

iPod for Windows 2005-01-11

iPod for Windows 2005-02-07

iPod for Windows 2005-02-22

iPod for Windows 2005-03-23

iPod for Windows 2005-06-26

iPod Updater 2004-08-06

iPod Updater 2004-10-20

iPod Updater 2004-11-15

iTunes

Java Auto Updater

Java 6 Update 21

Malwarebytes' Anti-Malware

Maxtor Manager

Memory Stick Formatter

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works 7.0

MoodLogic

Move Media Player

Mozilla Firefox (3.6.8)

MSN Music Assistant

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

OpenMG Limited Patch 3.4-03-12-16-01

OpenMG Secure Module 3.4.00

PictureGear Studio 2.0

QuickTime

RealPlayer

Recuva

Revo Uninstaller 1.89

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SonicStage 2.0.02

Sony Certificate PCH

Sony Video Shared Library

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SpywareBlaster 4.4

SUPERAntiSpyware

Trojan Remover 6.8.2

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

VAIO Entertainment Platform

VAIO Help and Support

VAIO Media 3.0

VAIO Media Integrated Server 3.0

VAIO Media Redistribution 3.0

VAIO Registration

VAIO SLIT-C Screen Saver

VAIO SLIT Pattern Wallpaper

VAIO Survey Standalone

VAIO System Information

VAIO Update 2

Viewpoint Manager (Remove Only)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Welcome to VAIO life

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB821253

Windows XP Service Pack 3

WingMan Software

Yahoo! Address AutoComplete

Yahoo! Anti-Spy

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/3/2010 10:26:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbcpHid

9/3/2010 10:23:59 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 4 time(s).

9/3/2010 10:22:36 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).

9/3/2010 10:22:24 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

9/3/2010 10:17:39 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

9/2/2010 6:45:11 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Vino's Event Viewer v01c run on Windows XP in English

Report run at 09/09/2010 7:05:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 07/09/2010 7:00:25 AM

Type: error Category: 100

Event: 1004 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 07/09/2010 6:52:26 AM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 07/09/2010 6:51:02 AM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 04/09/2010 8:18:35 AM

Type: error Category: 0

Event: 1001 Source: Application Error

Fault bucket 1389155238.

Log: 'Application' Date/Time: 04/09/2010 7:47:08 AM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 02/09/2010 11:30:52 AM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 02/09/2010 11:21:39 AM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 01/09/2010 6:56:39 PM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 01/09/2010 6:50:56 PM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application avgnsx.exe, version 8.5.0.401, faulting module avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

Log: 'Application' Date/Time: 31/08/2010 8:29:49 PM

Type: error Category: 101

Event: 1002 Source: Application Hang

Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 07/09/2010 6:42:13 AM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: SbcpHid

Log: 'System' Date/Time: 06/09/2010 6:14:43 PM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: SbcpHid

Log: 'System' Date/Time: 06/09/2010 5:48:24 PM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: SbcpHid

Log: 'System' Date/Time: 04/09/2010 8:36:56 AM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: SbcpHid

Log: 'System' Date/Time: 03/09/2010 10:52:06 PM

Type: error Category: 0

Event: 7034 Source: Service Control Manager

The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).

Log: 'System' Date/Time: 03/09/2010 10:40:45 PM

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/09/2010 10:40:21 PM

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/09/2010 10:26:42 PM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: SbcpHid

Log: 'System' Date/Time: 03/09/2010 10:23:59 PM

Type: error Category: 0

Event: 7034 Source: Service Control Manager

The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 4 time(s).

Log: 'System' Date/Time: 03/09/2010 10:22:36 PM

Type: error Category: 0

Event: 7034 Source: Service Control Manager

The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).


Looking over logs while waiting for response I see this:

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

As mentioned RootRepeal would not run and now I see this. Should it be in system32 if it never ran? Is this a sign of trouble?


Hello? No response in a while.

I have logs including GMER and RUnhk which I was advised to run by the developer of RootRepeal after we could not get that program to run. RUnhk indicates possible rootkit. I think I'm going to post on the malware removal board.


  • Root Admin

Well it appears you want to second guess him and/or turn it into a training exercise which typically most helpers just don't have time for.

What he has asked you to do is very simple and should have no ill effect on your system. He has explained in brief what it does so run it and give him back the results. That only takes 2 minutes to do and if no change or no help then nothing really wasted there.

I assume you've also already FULLY removed SAS including ALL registry entries and then re-installed it. If SAS was unable to help you then I'm assuming you're here because it's beyond their understanding as well and we're not really here to support their program, but in the good nature overall we'll try to see if we can help you locate Malware or some other odd thing that might be causing it but I can tell you now that most helpers as I said are not going to be too willing to assist you if you want to second guess what they've asked you to run.


Unless you have the paid version of SAS, you only seem to get a reminder every 2 weeks -

Not so on my work computer which runs the free version. Five days since last update and I get a reminder. Can't get a reminder on my home computer no matter what I do :) .


Not so on my work computer which runs the free version. Five days since last update and I get a reminder. Can't get a reminder on my home computer no matter what I do :) .

I just got a reminder today from SAS free version which I update manually every 2-3 days - MBAM gets done every day -

First one from SAS for about 2 weeks - :) Due mainly to their (major) fortnightly updates -

I am also a member at SAS forum (have been for a year or so now) and I have not noted this problem there ??


Due mainly to their (major) fortnightly updates -

Probably shouldn't waste MBAM forum time with this but what do you mean by the above? I understood that the free version is all manual updates. When I logged on yesterday it did tell me about the new program update, which is better than nothing I suppose.


Hi bru -

I understood that the free version is all manual updates. When I logged on yesterday it did tell me about the new program update,

No problem - When you download SAS there is a section that you either tick or leave vacant that asks you if you want to be notified about updates -

It is not like having a registered version, just a pop up saying there is a new update (usually a major one) -

http://forums.malwarebytes.org/index.php?s...st&p=313764 - This is typical (from Our updates area)

This is the same with programs like CCleaner and Defraggler from Piriform - They also notify you if there are any updates to download -

I did theirs 1 or 2 days ago when I got the notification from them -

Thank You -
