0

OK, lately my computer has been going through a lot of issues, the first of which was that for some reason Microsoft Silverlight was no longer installed and would always give an error when I tried to reinstall it. After 2 weeks of correspondence with Microsoft (trying this and that and anything under the moon), like a fluke it just magically installed from a link I clicked in my Hotmail web page and has worked great since. So now I have been trying to cure the other issues, with total failure on all attempts (a2AntiMalware, Microsoft Fix It Center, HijackThis, etc.). What it is still doing: randomly IE Explorer will pop up a second window with some random ad page (funny, mainly it's a Wal-Mart ad, but others also... lol). My sound keeps dropping out and I have to go to Control Panel > Sounds and Audio Devices > Hardware > Legacy Audio Drivers > Properties > Driver > Update Driver > Install From List > Don't Search, I Will Choose > Legacy Audio Drivers and manually reinstall, and then it will work for a while. Secondly, my Task Bar at the bottom of the window will change from the Windows standard blue in color to white, and third, my IE Explorer will change from what is shown below:
[IMG]http://i191.photobucket.com/albums/z27/r8er4ever/ieexplore_1.jpg[/IMG]

To this:
[IMG]http://i191.photobucket.com/albums/z27/r8er4ever/ieexplore_2.jpg[/IMG]
Oh, one last thing: at times it will get stuck or something, because the hard drive will be running like crazy, and after minutes and minutes of trying I finally get Task Manager to come up and the process "spoolsv.exe" will be running at 98-100 CPU usage.

OK, now I have tried to properly do all that the posting requirements ask for (downloaded everything and ran scans like it says), except the ATF-Cleaner kept switching to a "Not Responding" state so I couldn't run that completely. But here are the 2 GMER logs you needed. (Hope this is enough info to help you to help me.)

GMER_1.log
GMER 1.0.15.15530 - http://www.gmer.net
Root kit quick scan 2010-12-28 23:56:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3120022A rev.3.06
Running: 619m87ll.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axlyikow.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 234441392 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-7 86EEA292
Device \Device\Ide\IdeDeviceP2T0L0-12 -> \??\IDE#DiskST3120022A______________________________3.06____#4a3531544a39305a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


GMER_2.log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-29 00:28:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3120022A rev.3.06
Running: 619m87ll.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axlyikow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86EEA292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-7 86EEA292
Device \Device\Ide\IdeDeviceP2T0L0-12 -> \??\IDE#DiskST3120022A______________________________3.06____#4a3531544a39305a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 234441392 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Edited by r8er4ever: n/a

0

Also, here is this, just in case:

Field Value
Computer
Operating System Microsoft Windows XP Home Edition
OS Service Pack Service Pack 3
DirectX 4.09.00.0904 (DirectX 9.0c)
Computer Name AT5QGAAC3Z
User Name Owner

Motherboard
CPU Type AMD Athlon XP, 2100 MHz (10.5 x 200) 3000+
Motherboard Name Asus A7V8X-LA (Kelut) (3 PCI, 1 AGP, 2 DDR DIMM, Audio, Video, LAN, IEEE-1394)
Motherboard Chipset VIA VT8378A UniChrome KM400A
System Memory 1024 MB (DDR SDRAM)
BIOS Type Award (06/06/05)
Communication Port Communications Port (COM1)
Communication Port ECP Printer Port (LPT1)

Display
Video Adapter NVIDIA GeForce 6600 (256 MB)
3D Accelerator nVIDIA GeForce 6600 AGP
Monitor HP w2007 Wide LCD Monitor [NoDB] (CNN74418P5)

Multimedia
Audio Adapter VIA AC'97 Enhanced Audio Controller

Storage
IDE Controller Standard Dual Channel PCI IDE Controller
IDE Controller VIA Bus Master IDE Controller
Floppy Drive Floppy disk drive
Disk Drive Generic USB SD Reader USB Device
Disk Drive Generic USB CF Reader USB Device
Disk Drive Generic USB SM Reader USB Device
Disk Drive Generic USB MS Reader USB Device
Optical Drive HP DVD Writer 400c (DVD:8x/4x/12x, CD:24x/10x/40x DVD+RW)
SMART Hard Disks Status OK

Partitions
C: (NTFS) 110166 MB (16200 MB free)
D: (FAT32) 4288 MB (285 MB free)
Total Size 111.8 GB (16.1 GB free)

Input
Keyboard Enhanced Mulmedia PS/2 Keyboard
Mouse PS/2 Compatible Mouse

Network
Network Adapter RangeMax(tm) NEXT Wireless Adapter WN311B
Modem Standard Modem

Peripherals
Printer hp psc 1310 series
Printer Microsoft Office Document Image Writer
Printer Microsoft XPS Document Writer
USB1 Controller VIA VT83C572 PCI-USB Controller
USB1 Controller VIA VT83C572 PCI-USB Controller
USB1 Controller VIA VT83C572 PCI-USB Controller
USB1 Controller VIA VT83C572 PCI-USB Controller
USB2 Controller VIA USB 2.0 Enhanced Host Controller
USB Device hp psc 1310 series (DOT4USB)
USB Device hp psc 1310 series
USB Device USB Composite Device
USB Device USB Mass Storage Device
USB Device USB Printing Support

0

Thanks for the reply. I have done all that, except the cleaner kept getting non-responsive every time I tried to run it. (I also followed this site's link to run the Malicious Software tool.) And unless I totally missed something, I believe the logs requested are posted here; if not, please let me know what I am missing.

0

Oh my bad I saw this and stopped.
DO NOT take any action for any found items until a volunteer can have a look and advise you further.
So I was waiting....lol
I'll go do this now.

0

It will not let me post logs; it keeps saying it cannot connect to the web when I hit submit reply.
I hit copy and paste, then when I try to submit it, it gives me a web page saying cannot connect to web, diagnose connection?????

Edited by r8er4ever: n/a

0

Can you not put the log onto a usb memory stick then post the log with the computer you are using to post here?

0

The computer I am posting here with and the one with the logs are the same computer. It lets me post replies but loses connection when I try to post the logs. Could it maybe have something to do with the length of the logs?

0

No idea, haven't come across that problem before.

Perhaps resetting your router would help.

Edited by Rik_: n/a

0

OK, here is what you asked for, except I'm a little confused about what to do with "Attached.txt". I thought I read that it says to zip it then attach it, but I don't know how.
MBAM LOG
Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5415

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/29/2010 5:34:13 AM
mbam-log-2010-12-29 (05-34-13).txt


Objects scanned: 284699
Time elapsed: 55 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.267.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.267.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.267.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.267.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\all20.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\cas1.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\casA.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\luc67.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\map1F.tmp (PUP.Adware.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\7773.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\veg24.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\fir50.tmp (PUP.Adware.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\gol89.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\gra20.tmp (PUP.Adware.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\gra56.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\sun5C.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\Temp\sun9.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\temporary internet files\Content.IE5\XJG8L3T7\sunpalacecasino[1].exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\shirley\local settings\temporary internet files\Content.IE5\ZUG64BZD\smartdownload[1].exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.267.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.267.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

0

OK, tried posting them separately and it's the DDS.txt log that keeps getting me the lost connection page.

And also, for the record, I still keep getting those random second IE Explorer pop-up browser ads. Haven't played any games yet to see if the sound will keep messing up.

Edited by r8er4ever: n/a

0

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5415

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/29/2010 8:24:25 AM
mbam-log-2010-12-29 (08-24-25).txt

Scan type: Quick scan
Objects scanned: 287688
Time elapsed: 57 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

You need to download and run Combofix from here - http://www.bleepingcomputer.com/download/anti-virus/combofix
You MUST let combofix complete. You MUST NOT interfere with it in any way.
It will take control of your computer and will most likely reboot it. Do not do anything at all with your computer until combofix has told you it has completed and produced a log. Please post the log in your next reply.

0

If I may,
Instructions for combofix are incomplete. It must be run in a very specific way and followed exactly.
Please follow these instructions:
• You must download it to and run it from your Desktop.
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

KK, thanks you guys, just got home from work so will do this now... Will report back as soon as I finish.

0

KK, here's the combo fix log:

ComboFix 10-12-29.04 - Owner 12/30/2010 8:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.724 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\cflog\CrashLog_20101028.txt
c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\.#\MBX@1134@AC4228.###
c:\documents and settings\Owner\Application Data\.#\MBX@1134@AC4258.###
c:\documents and settings\Owner\Application Data\.#\MBX@1134@AC4288.###
c:\documents and settings\Owner\Application Data\.#\MBX@1CD8@393418.###
c:\documents and settings\Owner\Application Data\.#\MBX@1CD8@393428.###
c:\documents and settings\Owner\Application Data\.#\MBX@410@393418.###
c:\documents and settings\Owner\Application Data\.#\MBX@410@393428.###
c:\documents and settings\Owner\Application Data\.#\MBX@BA0@393418.###
c:\documents and settings\Owner\Application Data\.#\MBX@BA0@393428.###
C:\ipconfig.txt
c:\windows\system32\Oeminfo.ini
D:\Autorun.inf

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-29 12:28 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:28 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-28 09:04 . 2010-12-28 11:40 -------- d-----w- c:\documents and settings\Owner\Application Data\BloodTies
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\program files\Blood Ties
2010-12-26 09:31 . 2010-12-26 09:32 -------- d-----w- c:\program files\Awakening - Moonfell Wood
2010-12-25 12:45 . 2010-12-25 12:46 -------- d-----w- c:\program files\Fear For Sale - Mystery of McInroy Manor
2010-12-25 08:18 . 2010-12-25 08:18 -------- d-----w- c:\documents and settings\Owner\Application Data\funkitron
2010-12-24 08:57 . 2010-12-24 08:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Casual Arts
2010-12-24 08:57 . 2010-12-24 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Casual Arts
2010-12-24 04:32 . 2010-12-24 04:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-21 11:34 . 2010-12-21 11:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Mystery of Mortlake Mansion
2010-12-21 06:13 . 2008-04-14 01:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-21 06:13 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-21 06:13 . 2008-04-14 01:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-21 06:13 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-21 06:11 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-12-21 06:10 . 2001-08-17 22:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-12-21 06:09 . 2008-04-13 19:44 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2010-12-21 06:08 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-12-21 06:07 . 2001-08-17 21:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-12-21 06:06 . 2001-08-17 20:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-12-21 06:05 . 2008-04-13 19:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-12-21 06:04 . 2001-08-17 22:55 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2010-12-18 10:12 . 2010-12-18 18:59 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-18 10:08 . 2010-12-18 10:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-17 13:06 . 2010-12-17 13:07 -------- d-----w- c:\documents and settings\Owner\Application Data\7Wonders
2010-12-17 12:02 . 2010-12-17 13:05 -------- d-----w- c:\program files\Art of Murder - Cards of Destiny
2010-12-16 08:50 . 2010-12-17 00:40 -------- d-----w- c:\program files\Club World Casinos
2010-12-16 08:37 . 2010-12-16 08:38 -------- d-----w- c:\program files\Grande Vegas Casino
2010-12-16 07:50 . 2010-12-16 07:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-16 05:21 . 2010-12-30 15:45 -------- d-----w- c:\documents and settings\Owner\Application Data\CoreInternetUtility
2010-12-16 05:21 . 2010-12-16 05:21 -------- d-----w- c:\program files\CAJ Media
2010-12-15 20:34 . 2010-12-15 20:34 -------- d-----w- c:\documents and settings\Owner\Application Data\NatGeoGames
2010-12-15 20:34 . 2010-12-15 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NatGeoGames
2010-12-11 07:44 . 2010-12-11 07:46 -------- d-----w- c:\program files\Fiction Fixers - The Curse of OZ
2010-12-11 07:38 . 2010-12-18 04:06 -------- d-----w- c:\program files\Hidden Identity - Chicago Blackout
2010-12-11 07:37 . 2010-12-11 07:38 -------- d-----w- c:\program files\7 Wonders of the World
2010-12-11 07:36 . 2010-12-11 07:37 -------- d-----w- c:\program files\Samantha Swift - Mystery From Atlantis
2010-12-11 07:33 . 2010-12-11 07:34 -------- d-----w- c:\program files\Robinson Crusoe and the Cursed Pirates
2010-12-11 07:30 . 2010-12-11 07:32 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2010-12-09 04:48 . 2010-12-09 04:48 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-12-09 04:48 . 2010-12-09 04:48 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-12-09 04:48 . 2010-12-09 04:48 -------- d-----w- c:\program files\MSECACHE
2010-12-09 04:30 . 2010-12-09 04:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VIPSlotsCasino
2010-12-09 04:23 . 2010-12-09 04:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CrazySlotsCasino
2010-12-09 04:15 . 2010-12-09 04:16 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\GoCasino
2010-12-08 18:33 . 2010-12-08 18:33 -------- d-----w- c:\documents and settings\Owner\Application Data\gogii
2010-12-08 18:32 . 2010-12-08 19:34 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-08 17:35 . 2010-12-08 17:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
2010-12-08 17:30 . 2010-12-08 17:30 -------- d-----w- c:\windows\MATS
2010-12-08 17:30 . 2010-12-08 17:30 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-08 15:23 . 2010-12-15 21:33 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-08 05:49 . 2010-12-08 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2010-12-07 15:46 . 2010-12-07 15:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-07 09:01 . 2010-12-07 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeGuardian
2010-12-07 01:58 . 2010-12-07 01:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-06 19:45 . 2010-12-06 19:45 -------- d-----w- C:\Documents
2010-12-06 19:38 . 2010-12-07 01:55 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-06 19:35 . 2010-12-06 19:35 -------- d-----w- c:\program files\IIS
2010-12-06 19:34 . 2010-12-06 19:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-06 19:34 . 2010-12-06 19:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-06 19:23 . 2010-12-06 19:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-12-06 19:17 . 2010-12-07 01:56 -------- d-----w- c:\program files\Microsoft SQL Server
2010-12-06 19:11 . 2010-12-06 19:11 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-05 14:33 . 2010-12-05 14:34 -------- d-----w- c:\program files\Lost Chronicles - Salem
2010-12-04 08:44 . 2010-12-04 08:44 -------- d-----w- c:\documents and settings\Owner\Application Data\unsure
2010-12-04 08:03 . 2010-12-04 09:13 -------- d-----w- C:\HiJackThis
2010-12-03 10:41 . 2010-12-03 10:42 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
2010-12-03 07:48 . 2010-12-03 07:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Chronicles of Albian
2010-12-03 03:25 . 2010-12-03 03:25 -------- d-----w- c:\program files\Realtek AC97
2010-12-02 19:05 . 2010-12-02 19:06 -------- dc-h--w- c:\windows\ie8
2010-12-02 14:33 . 2001-08-17 21:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-12-02 14:33 . 2001-08-17 21:47 9344 ----a-w- c:\windows\system32\drivers\NtApm.sys
2010-12-01 10:19 . 2010-12-01 10:19 -------- d-----w- c:\program files\Driver Sweeper
2010-12-01 08:48 . 2010-12-01 08:48 -------- d-----w- c:\documents and settings\Owner\Application Data\HillStoneAnimationStudios
2010-12-01 08:42 . 2010-12-01 10:19 -------- d-----w- c:\program files\The Dragon Dance
2010-12-01 06:38 . 2010-12-01 06:38 -------- d-----w- c:\program files\TrendMicro
2010-12-01 03:39 . 2010-12-01 03:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-30 17:27 . 2010-11-30 17:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Old Castle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 15:46 . 2010-08-14 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-20 02:41 . 2010-10-29 16:29 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-16 09:10 . 2010-11-16 09:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2010-10-31 11:45 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-31 11:45 . 2003-02-21 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-29 16:30 . 2010-10-29 16:30 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-10-16 20:04 . 2010-10-16 20:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 20:04 . 2010-10-16 20:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 20:04 . 2010-10-16 20:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 20:04 . 2010-10-16 20:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 20:04 . 2010-10-16 20:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 20:04 . 2010-10-16 20:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 18:55 . 2010-11-09 03:29 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-11-09 03:29 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-01-12 20:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-01-12 20:03 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2009-09-28 00:12 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2009-09-28 00:12 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2009-09-28 00:12 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2009-09-28 00:12 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2009-09-28 00:12 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55 . 2005-01-10 00:32 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2005-01-10 00:32 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-11 03:48 . 2010-10-11 03:48 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}]
2010-07-01 17:31 462848 ----a-w- c:\program files\CAJ Media\Browser Enhancer\adxloader.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk]
backup=c:\windows\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RUBotted"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"HPHUPD05"=c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
"HPHmon05"=c:\windows\System32\hphmon05.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"AS00_WN311B"=c:\program files\NETGEAR\WN311B\Utility\WN311B.exe -hide
"AlcxMonitor"=ALCXMNTR.EXE
"EvtMgr6"=c:\program files\Logitech\SetPointP\SetPoint.exe /launchGaming
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"VTTimer"=VTTimer.exe
"Sunkist2k"=c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\USArmy\\America's Army 2\\System\\ArmyOps.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\BetOnSoft\\Lucky Creek\\Code\\win32\\vc80\\release\\GameHost\\GameClient.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57868:TCP"= 57868:TCP:Pando Media Booster
"57868:UDP"= 57868:UDP:Pando Media Booster
"58082:TCP"= 58082:TCP:Pando Media Booster
"58082:UDP"= 58082:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [4/18/2010 3:17 PM 33824]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [6/14/2009 2:54 AM 14336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/29/2010 8:28 AM 10448]
S1 svurigyu;svurigyu;\??\c:\windows\system32\drivers\svurigyu.sys --> c:\windows\system32\drivers\svurigyu.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [9/2/2010 7:55 PM 16194]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/4/2009 5:26 PM 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/4/2009 5:26 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/4/2009 5:26 PM 21504]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [12/2/2010 6:33 AM 9344]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [8/9/2009 9:18 PM 3567]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\ProDefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://charter.net/
mStart Page = hxxp://www.youcansearch.com
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
Trusted Zone: fizzy.com\www
Trusted Zone: gamehouse.com\support
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ruxymsv.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.ikariam.com/index.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 08:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,5a,48,70,0a,c9,78,45,99,13,21,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,5a,48,70,0a,c9,78,45,99,13,21,\

[HKEY_USERS\S-1-5-21-2160417155-3552369149-2325123058-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'lsass.exe'(696)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-12-30 09:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 17:01

Pre-Run: 16,916,258,816 bytes free
Post-Run: 17,336,029,184 bytes free

- - End Of File - - 4E3BBB534E5CAA48C03BDFD0BAD55F4A


Now please do a NEW scan with the DDS scanner and please copy/paste BOTH logs.

Edited by jholland1964: n/a


Here's the HI-Jack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:37 AM, on 12/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com
O2 - BHO: Browser Enhancer - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files\CAJ Media\Browser Enhancer\adxloader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: First Web Casino - 829147F7-9DD7-4223-9B19-BAB2296781B5 - C:\Microgaming\Casino\FirstWeb\Casinogame.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O15 - Trusted Zone: http://www.fizzy.com
O15 - Trusted Zone: http://support.gamehouse.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244993918187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244996544718
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5512 bytes


KK, here's DDS


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 9:26:53.93 on Thu 12/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.665 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\virisissues\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://charter.net/
mStart Page = hxxp://www.youcansearch.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Browser Enhancer: {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - c:\program files\caj media\browser enhancer\adxloader.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SoundMan] SOUNDMAN.EXE
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\iobit\advanced systemcare 3\SPICtrl.dll
Trusted Zone: fizzy.com\www
Trusted Zone: gamehouse.com\support
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244993918187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244996544718
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9ruxymsv.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.ikariam.com/index.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-18 33824]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2009-6-14 14336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-10-29 10448]
S1 svurigyu;svurigyu;\??\c:\windows\system32\drivers\svurigyu.sys --> c:\windows\system32\drivers\svurigyu.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2010-9-2 16194]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-9-4 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-9-4 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-9-4 21504]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2010-12-2 9344]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-8-9 3567]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]

=============== Created Last 30 ================

2010-12-30 16:08:35 98816 ----a-w- c:\windows\sed.exe
2010-12-30 16:08:35 89088 ----a-w- c:\windows\MBR.exe
2010-12-30 16:08:35 256512 ----a-w- c:\windows\PEV.exe
2010-12-30 16:08:35 161792 ----a-w- c:\windows\SWREG.exe
2010-12-29 12:28:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:28:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-28 09:04:25 -------- d-----w- c:\docume~1\owner\applic~1\BloodTies
2010-12-28 09:03:04 -------- d-----w- c:\program files\Blood Ties
2010-12-26 09:31:49 -------- d-----w- c:\program files\Awakening - Moonfell Wood
2010-12-25 12:45:27 -------- d-----w- c:\program files\Fear For Sale - Mystery of McInroy Manor
2010-12-25 08:18:38 -------- d-----w- c:\docume~1\owner\applic~1\funkitron
2010-12-24 08:57:32 -------- d-----w- c:\docume~1\owner\applic~1\Casual Arts
2010-12-24 08:57:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Casual Arts
2010-12-21 11:34:45 -------- d-----w- c:\docume~1\owner\applic~1\Mystery of Mortlake Mansion
2010-12-21 06:13:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-21 06:13:01 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-21 06:13:00 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-21 06:13:00 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-21 06:11:59 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-12-21 06:10:59 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-12-21 06:09:59 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2010-12-21 06:08:57 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-12-21 06:07:59 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-12-21 06:06:59 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-12-21 06:05:58 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2010-12-21 06:04:59 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-12-17 13:06:20 -------- d-----w- c:\docume~1\owner\applic~1\7Wonders
2010-12-17 12:02:49 -------- d-----w- c:\program files\Art of Murder - Cards of Destiny
2010-12-16 08:50:30 -------- d-----w- c:\program files\Club World Casinos
2010-12-16 08:37:19 -------- d-----w- c:\program files\Grande Vegas Casino
2010-12-16 05:21:37 -------- d-----w- c:\docume~1\owner\applic~1\CoreInternetUtility
2010-12-16 05:21:18 -------- d-----w- c:\program files\CAJ Media
2010-12-15 20:34:11 -------- d-----w- c:\docume~1\owner\applic~1\NatGeoGames
2010-12-15 20:34:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\NatGeoGames
2010-12-11 07:44:41 -------- d-----w- c:\program files\Fiction Fixers - The Curse of OZ
2010-12-11 07:38:20 -------- d-----w- c:\program files\Hidden Identity - Chicago Blackout
2010-12-11 07:37:19 -------- d-----w- c:\program files\7 Wonders of the World
2010-12-11 07:36:15 -------- d-----w- c:\program files\Samantha Swift - Mystery From Atlantis
2010-12-11 07:33:25 -------- d-----w- c:\program files\Robinson Crusoe and the Cursed Pirates
2010-12-11 07:30:23 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2010-12-09 04:48:54 3584 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2010-12-09 04:48:54 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-12-09 04:48:18 -------- d-----w- c:\program files\MSECACHE
2010-12-09 04:30:37 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\VIPSlotsCasino
2010-12-09 04:23:55 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\CrazySlotsCasino
2010-12-09 04:15:07 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\GoCasino
2010-12-08 18:33:32 -------- d-----w- c:\docume~1\owner\applic~1\gogii
2010-12-08 18:32:09 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-08 17:35:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\FixItCenter
2010-12-08 17:30:46 -------- d-----w- c:\windows\MATS
2010-12-08 17:30:44 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-08 15:23:22 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-08 05:49:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cateia Games
2010-12-07 15:46:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-07 09:01:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\OfficeGuardian
2010-12-07 01:58:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-07 01:58:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-06 19:45:16 -------- d-----w- C:\Documents
2010-12-06 19:38:12 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-06 19:35:04 -------- d-----w- c:\program files\IIS
2010-12-06 19:34:16 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-06 19:34:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-06 19:17:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-12-06 19:11:54 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-05 14:33:50 -------- d-----w- c:\program files\Lost Chronicles - Salem
2010-12-04 08:44:35 -------- d-----w- c:\docume~1\owner\applic~1\unsure
2010-12-04 08:03:35 -------- d-----w- C:\HiJackThis
2010-12-03 10:41:36 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
2010-12-03 07:48:54 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Chronicles of Albian
2010-12-03 03:25:21 -------- d-----w- c:\program files\Realtek AC97
2010-12-02 19:05:29 -------- dc-h--w- c:\windows\ie8
2010-12-02 14:33:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-12-02 14:33:47 9344 ----a-w- c:\windows\system32\drivers\NtApm.sys
2010-12-01 10:19:41 -------- d-----w- c:\program files\Driver Sweeper
2010-12-01 08:48:52 -------- d-----w- c:\docume~1\owner\applic~1\HillStoneAnimationStudios
2010-12-01 08:42:15 -------- d-----w- c:\program files\The Dragon Dance
2010-12-01 06:38:17 -------- d-----w- c:\program files\TrendMicro
2010-11-30 17:27:34 -------- d-----w- c:\docume~1\owner\applic~1\Old Castle

==================== Find3M ====================

2010-12-07 15:46:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-05 07:29:53 241700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-05 07:29:53 241700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-05 07:29:53 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-16 09:10:14 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2010-10-31 11:45:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-31 11:45:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-16 20:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 20:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 20:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 20:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 20:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 20:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

============= FINISH: 9:27:07.31 ===============

0

and here's attached


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

How do I attach a zipped file?

Edited by r8er4ever: n/a

0

Your HijackThis is out of date. Please UNINSTALL it and download the newest version, 2.0.4 and re-run the system scan with it.
http://free.antivirus.com/hijackthis/

Did you read MY instructions concerning DDS scanner logs?
I said copy/paste BOTH logs. Also read the instructions given in the DDS instructions. It CLEARLY says UNLESS SPECIFICALLY INSTRUCTED.
I DID specifically instruct you to copy/paste BOTH logs.

Please copy/paste that log here. I will not open an attachment.

Edited by jholland1964: n/a

0

I cannot give further instructions until that second log is copy/pasted here. And there ARE further instructions waiting. Your computer isn't clean yet.

Edited by jholland1964: n/a

0

I'm sorry, I interpreted it in reverse I guess, thinking it meant to zip it unless specifically told not to... My bad.
But here it is, kk

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2009 6:18:55 AM
System Uptime: 12/30/2010 8:52:06 AM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2100/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 16.179 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.279 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\D1381BE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\D1381BE01800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80FF1043&REV_78\3&61AAA01&1&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80FF1043&REV_78\3&61AAA01&1&90
Service: FETND5BV

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm

==== System Restore Points ===================

RP352: 9/12/2010 8:21:01 PM - System Checkpoint
RP353: 9/14/2010 11:45:29 AM - System Checkpoint
RP354: 9/16/2010 11:45:02 AM - System Checkpoint
RP355: 9/16/2010 1:11:04 PM - Restore Operation
RP356: 9/17/2010 8:27:27 PM - Software Distribution Service 3.0
RP357: 9/18/2010 6:24:47 AM - Removed RangeMax(tm) NEXT Wireless Adapter WN311B
RP358: 9/18/2010 6:26:10 AM - Installed RangeMax(tm) NEXT Wireless Adapter WN311B
RP359: 9/18/2010 7:24:21 AM - Removed Trend Micro Anti-Spam For Outlook
RP360: 9/18/2010 7:24:50 AM - Removed Trend Micro Anti-Spam For Outlook Express
RP361: 9/19/2010 12:48:23 AM - Installed Grande Vegas Casino.
RP362: 9/20/2010 4:42:38 PM - System Checkpoint
RP363: 9/23/2010 2:36:47 AM - System Checkpoint
RP364: 9/24/2010 1:38:35 PM - Installed Mega Manager
RP365: 9/25/2010 3:43:59 PM - System Checkpoint
RP366: 9/29/2010 1:18:12 AM - Installed Cool Cat Casino.
RP367: 9/30/2010 6:43:51 PM - System Checkpoint
RP368: 10/1/2010 7:02:41 PM - System Checkpoint
RP369: 10/3/2010 6:33:13 AM - System Checkpoint
RP370: 10/4/2010 11:09:20 AM - System Checkpoint
RP371: 10/4/2010 11:55:20 PM - Removed Skype™ 4.2
RP372: 10/5/2010 6:00:43 AM - Software Distribution Service 3.0
RP373: 10/6/2010 12:41:03 PM - System Checkpoint
RP374: 10/7/2010 2:21:50 PM - System Checkpoint
RP375: 10/8/2010 5:38:57 PM - System Checkpoint
RP376: 10/10/2010 7:46:48 AM - System Checkpoint
RP377: 10/10/2010 8:48:45 PM - Installed HiJackThis
RP378: 10/10/2010 10:20:22 PM - wireshark
RP379: 10/11/2010 12:19:55 PM - Software Distribution Service 3.0
RP380: 10/11/2010 10:28:36 PM - Removed Trend Micro RUBotted
RP381: 10/11/2010 10:40:02 PM - Removed Linesmaker.com
RP382: 10/13/2010 5:42:51 AM - Installed BetPhoenix.
RP383: 10/14/2010 11:23:44 AM - System Checkpoint
RP384: 10/15/2010 6:54:48 PM - System Checkpoint
RP385: 10/16/2010 5:04:58 PM - Restore Operation
RP386: 10/16/2010 11:35:10 PM - Advanced SystemCare RestorePoint
RP387: 10/17/2010 12:55:25 AM - Installed Realtek AC'97 Audio
RP388: 10/18/2010 1:41:36 PM - System Checkpoint
RP389: 10/18/2010 3:10:03 PM - Installed Microsoft Web Platform Installer 2.0
RP390: 10/19/2010 5:29:07 PM - System Checkpoint
RP391: 10/20/2010 9:13:22 AM - Installed Microsoft Silverlight 4 SDK
RP392: 10/21/2010 9:48:45 AM - System Checkpoint
RP393: 10/22/2010 11:42:17 PM - Restore Operation
RP394: 10/24/2010 9:26:26 AM - System Checkpoint
RP395: 10/25/2010 12:02:26 AM - Software Distribution Service 3.0
RP396: 10/28/2010 12:08:45 PM - System Checkpoint
RP397: 10/30/2010 11:06:14 AM - Removed Mega Manager
RP398: 10/30/2010 11:09:23 AM - Removed WNXWN
RP399: 10/30/2010 11:17:44 AM - Software Distribution Service 3.0
RP400: 10/30/2010 11:18:23 AM - ff
RP401: 11/1/2010 4:36:27 AM - System Checkpoint
RP402: 11/2/2010 10:16:36 AM - System Checkpoint
RP403: 11/3/2010 12:28:39 PM - System Checkpoint
RP404: 11/4/2010 4:09:34 PM - System Checkpoint
RP405: 11/5/2010 8:16:46 PM - System Checkpoint
RP406: 11/7/2010 9:52:20 AM - System Checkpoint
RP407: 11/8/2010 11:17:15 AM - System Checkpoint
RP408: 11/9/2010 1:36:22 PM - System Checkpoint
RP409: 11/10/2010 1:38:24 PM - System Checkpoint
RP410: 11/11/2010 3:12:44 PM - System Checkpoint
RP411: 11/14/2010 1:09:17 PM - System Checkpoint
RP412: 11/15/2010 1:45:03 PM - Installed Slots of Vegas.
RP413: 11/16/2010 2:43:03 PM - System Checkpoint
RP414: 11/16/2010 6:47:30 PM - Restore Operation
RP415: 11/18/2010 1:57:38 AM - pre
RP416: 11/18/2010 2:00:02 AM - Software Distribution Service 3.0
RP417: 11/19/2010 4:01:20 PM - System Checkpoint
RP418: 11/20/2010 2:44:57 AM - Installed WinZip 15.0
RP419: 11/20/2010 2:52:06 AM - Removed WinZip 15.0
RP420: 11/21/2010 4:08:35 PM - System Checkpoint
RP421: 11/22/2010 11:35:14 PM - System Checkpoint
RP422: 11/24/2010 2:10:52 PM - System Checkpoint
RP423: 11/25/2010 2:27:48 PM - System Checkpoint
RP424: 11/27/2010 1:55:35 PM - System Checkpoint
RP425: 11/28/2010 5:48:09 PM - System Checkpoint
RP426: 11/30/2010 12:05:45 PM - System Checkpoint
RP427: 11/30/2010 7:37:27 PM - Restore Operation
RP428: 12/1/2010 2:18:24 AM - Restore Operation
RP429: 12/2/2010 10:26:11 AM - System Checkpoint
RP430: 12/2/2010 11:06:49 AM - Installed Windows Internet Explorer 8.
RP431: 12/2/2010 7:31:25 PM - Software Distribution Service 3.0
RP432: 12/4/2010 2:29:45 PM - System Checkpoint
RP433: 12/5/2010 9:25:28 PM - System Checkpoint
RP434: 12/6/2010 5:54:02 PM - Restore Operation
RP435: 12/6/2010 7:21:08 PM - Installed Java(TM) 6 Update 22
RP436: 12/6/2010 11:52:20 PM - IObit Uninstaller RestorePoint
RP437: 12/6/2010 11:52:40 PM - Removed Java(TM) 6 Update 17
RP438: 12/6/2010 11:59:40 PM - IObit Uninstaller RestorePoint
RP439: 12/6/2010 11:59:59 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP440: 12/7/2010 12:04:02 AM - IObit Uninstaller RestorePoint
RP441: 12/7/2010 12:04:27 AM - Removed J2SE Runtime Environment 5.0 Update 21
RP442: 12/7/2010 6:51:50 AM - Restore Operation
RP443: 12/7/2010 6:57:43 AM - Restore Operation
RP444: 12/7/2010 7:02:09 AM - Restore Operation
RP445: 12/7/2010 7:45:56 AM - Installed Java(TM) 6 Update 22
RP446: 12/9/2010 12:24:15 PM - Installed Intertops Casino.
RP447: 12/10/2010 8:58:32 PM - Removed Microsoft Silverlight
RP448: 12/12/2010 9:18:13 AM - System Checkpoint
RP449: 12/13/2010 6:57:16 PM - Installed EnglishHarbour Casino.
RP450: 12/15/2010 8:15:17 PM - Advanced SystemCare RestorePoint
RP451: 12/20/2010 10:24:39 PM - Advanced SystemCare RestorePoint
RP452: 12/23/2010 8:20:31 PM - System Checkpoint
RP453: 12/23/2010 9:14:12 PM - Advanced SystemCare RestorePoint
RP454: 12/25/2010 6:47:57 PM - System Checkpoint
RP455: 12/30/2010 8:09:06 AM - ComboFix created restore point

==== Installed Programs ======================


µTorrent
1310
1310_Help
1310Tour
1310Trb
21 Grand Casino
21Dukes Casino
3Dice Casino
50States Casino
7 Wonders of the World
7Reels Casino
7Spins
AA2Deploy
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Advanced SystemCare 3
AiO_Scan
AiOSoftware
AllPokerCasino
Always Vegas
Awakening: Moonfell Wood
Aztec Casino
Bella Vegas Casino
BetPhoenix
BetUS Casino
Big Dollar Casino
Big Fish Games: Game Manager
Bing Maps 3D
BitTorrent
BlackLights
Blood Oath
Blood Ties
Bodog Poker
Box 24
Browser Enhancer
BufferChm
CameraDrivers
CaptainJack Casino
CaribbeanGold Casino
Casino Client
Casino Grand Bay
Casino Share
Casino Titan
CasinoLink
CasinoMoons
CasinoStates
CatsEye Casino
CCleaner
Chronicles of Albian - The Magic Convention
Cleopatras Palace
Club Vegas USA
Club World Casinos
Cocoa Casino
Cool Cat Casino
Copy
Crazy Slots Casino
CreativeProjects
CreativeProjectsTemplates
Cross Fire En
CueTour
DaVinci's Gold
Defraggler
Destinations
Diamond VIP Club
Diceland
Diner Dash
Director
DNA
DocProc
DocumentViewer
Downtown Secrets
Driver Sweeper 2.0.5
EnglishHarbour Casino
Enhanced Multimedia Keyboard Solution
Enlightenus II: The Timeless Tower
eReg
EVEREST Home Edition v2.20
Fax
Fear For Sale: Mystery of McInroy Manor
Fiction Fixers: The Curse of OZ
Flock (2.6.1)
Fortune Reel Casino
Game Booster
GIMP 2.6.7
Glary Utilities 2.30.0.1066
Go Casino
Gold Vegas Casino
GoldStream Casino
Google Chrome
Grand Eagle Casino
Grande Vegas Casino
Haunted Manor: Lord of Mirrors
Hidden Identity: Chicago Blackout
Highnoon Casino
HiJackThis
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Driver Diagnostics
HP Image Zone 4.2
HP Image Zone Plus 3.5
HP Instant Support
HP Photo & Imaging 3.5 - HP Devices
HP Product Detection
HP Software Update
HP Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ350
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
ieSpell
InstantShare
Intertops Casino
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
Irish Luck Casino
Java Auto Updater
Java(TM) 6 Update 22
JPHSetup
Jupiter Club Casino
Lion Slots Online Casino
Logitech SetPoint 6.15
Lost Chronicles: Salem
Malwarebytes' Anti-Malware
Mandarin Palace Casino
Margrave Manor 2: The Lost Ship
Mayan Fortune
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Live Add-in 1.4
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Platform Installer 2.0
Microsoft Works 7.0
Millionaire Manor - The Hidden Object Show 3
MillionaireCasino
MoneyCasino
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
Mystery Legends Phantom of the Opera
Mystery Masterpiece: The Moonstone
Nat Geo Games King and Queen's Pack
NETGEAR Wireless Adapter WG311T
Nightfall Mysteries - Asylum Conspiracy Premium Edition
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
OBD-PC Link
Online Vegas Casino
OpenAL
Overland
Pando Media Booster
Pantasia
Paradise 8
PartyCasino
PC-Doctor for Windows
Pharaohs Gold Casino
Phoenician Casino
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Planet King
Planet7 Casino
PrintScreen
ProductContext
PS2
PSShortcutsP
PunkBuster Services
Python 2.2 combined Win32 extensions
Python 2.2.1
Python 2.6.4
QFolder
QuickProjects
RangeMax(tm) NEXT Wireless Adapter WN311B
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
RecordNow!
Red Flush
Rialto
RichCasino
Ringmaster Casino
Roadhouse Reels Casino
Robinson Crusoe and the Cursed Pirates
Rockbet Casino
RomeCasino
Royal Apollo
Royal Kings
Royal Sands Casino
RoyalAceCasino.com
Ruby Royal Casino
Samantha Swift: Mystery From Atlantis
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SilverDollarMultiCasino
Simon Says Casino
SkinsHP1
SkinsHP2
Slingo Mystery 2 - The Golden Escape
Slot Power
Sloto Cash
Slots Galore Casino
Slots Jackpot Casino
Slots Jungle Casino
Slots of Fortune
Superior Casino
SuperslotsCasino
Supreme Play
TeamSpeak 2 RC2
TeamSpeak Overlay BETA 2 (#63)
The Island - Castaway
The Mystery of the Mary Celeste
The Otherside - Realm of Eons
The Seawise Chronicles - Untamed Legacy
The Secrets of Da Vinci
The Treasures of Mystery Island 2 - The Gates of Fate
Thebes
This Is Vegas
Toolkit View(HP)
TrayApp
Treasure Mile Casino
Tropica Casino
Tulula - Legend of a Volcano
Unload
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vanguard Casino
Vegas Aces Casino
Vegas Days
Vegas Regal Casino
Vegas Sky
Vegas2Web
Vegascasino21
Ventrilo Client
VIA Rhine-Family Fast Ethernet Adapter
Villa Fortuna Casino
VIP Club Casino
VIP Slots
VIP Slots Casino
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Winward
WinZip 15.0
WizBet Casino
Women's Murder Club - Little Black Lies
XML Paper Specification Shared Components Pack 1.0
YesWeCan Casino
Zodiac Casino

==== Event Viewer Messages From Past Week ========

12/30/2010 8:24:24 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 5:36:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k SISAGP
12/29/2010 12:09:04 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
12/25/2010 8:04:42 AM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: %%16389
12/24/2010 2:45:04 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The RIP Listener service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The IPv6 Helper Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
12/24/2010 10:00:24 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2010 10:00:24 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2010 10:00:24 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2010 10:00:24 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/24/2010 10:00:24 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/23/2010 6:43:34 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

==== End Of File ===========================

0

By the way, for the record: I am not sure if everything is fixed now, but so far today not once have I gotten that second IE pop-up window, nor have I had to reinstall my Legacy sound driver, and the desktop task bar hasn't changed color, nor has my IE window toolbar blacked out at all. Gonna wait to hear feedback on the latest logs before I begin any type of victory end-zone dance...lol

0

After this is cleared, can someone maybe tell me if there is any way to find out the product key for Microsoft Office 2003? I lost the CD case that had the sticker on it, and every time I try to open Office it asks for the key.
