- 03-10-2010 12:11 AM #1 Member
- Join Date
- Mar 2010
- Posts
- 8
- Points
- 0
Performance and shutdown problems
I am new to this forum. Hope I am following proper protocol. If not, please let me know.
I would appreciate any help you can provide.
Lately, my Outlook has been acting strange. Hanging frequently. Have problems copying items to the clipboard periodically. Seems slow. Tried to make entries in a simple Excel spreadsheet and it hung. Periodically, I do get Windows blue screen - fatal error message - usually something about writing in a non-paged area. Often happens after working with iTunes. I usually just reboot and it works fine for awhile.
I do regular cleanups with CCleaner (latest version). Also ran the two programs you recommended and didn't come up with anything.
Upon shutdown, my computer often hangs and gives a weird message like End Program - 548 This Program is Not responding, click now to End Now. (or Program - abc Not Responding, or Program - fd0 Not Responding) After it tries and fails, I hit end now and it shuts it down and reboots, but I have never been able to find any 548 executable file or any file of that name (or any of the other names). It will be that name one day and the next day it will be End program - abc or End Program fd0.
I am inserting my system information, spybot, malwarebytes and superspyware log files as well as my HiJack log. I couldn't locate my CCleaner log. Don't know if it makes one.
I have a Dell Inspiron E1705 laptop computer with 17 inch monitor, and a number of external hard drives.
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name DF2NNP91
System Manufacturer Dell Inc.
System Model MP061
System Type X86-based PC
Processor x86 Family 6 Model 14 Stepping 8 GenuineIntel ~2161 Mhz
BIOS Version/Date Dell Inc. A09, 6/27/2007
SMBIOS Version 2.4
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name DF2NNP91\Art
Time Zone Central Standard Time
Total Physical Memory 2,048.00 MB
Available Physical Memory 1.26 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 3.85 GB
Page File C:\pagefile.sys
- 03-10-2010 02:57 PM #2
Hi and welcome to the Help2Go forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
Despite that it is important that you first know a couple of things:
- The fixes are specific to your problem and should only be used for this issue on this machine.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me how long it will take so the topic will not be closed.
There are also some things that I want you to do so I can work as well as possible:
- Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- Please reply to this thread. Do not start a new topic.
- Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. They can also contain malware.
One more thing is very important for users who have Vista as their operating system.
When I instruct you to run a tool or program, always right-click and choose 'Run as Administrator' instead of just double-clicking the icon.
Finally, please make an uninstall list using HijackThis and post that log so I know you have read this post.
To access the Uninstall Manager you would do the following:
- Start HijackThis
- Click on the Open The Misc Tool Section button
- Click on the Open Uninstall Manager button.
- Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic.
Regards,
John.
- 03-10-2010 03:34 PM #3 Member
Thanks John. Sorry for posting attachments. I will try to remember to paste logs into posts in future. I appreciate you having a look at this for me. I'm pasting in the contents of the file created by HiJack uninstall list below.
Thanks
Art
Acrobat.com
Adobe Acrobat Elements 6.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Uploader
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Premiere Elements 8.0 Templates
Adobe Reader 9.3.1
AllMusicConverter 3.1.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Binary Boy
Bonjour
Broadcom Management Programs
Carbonite Online Backup Setup
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Diagnostic for Windows
Digital Line Detect
DirectXInstallService
FileTouch 2.1
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Product Detection
HP Solution Center 7.0
HP Update
Intel(R) PROSet/Wireless Software
iTunes
iTunes Library Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
mCore
mDrWiFi
mHlpDell
Microlife BPA 3.1
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
OCR Software by I.R.I.S 7.0
PC Magazine Defrag-A-File 2.0.4
PC Magazine DiskPiePro 2.0
PC Magazine File Utility Pack
PC Magazine Startup Cop Pro 5.0
PCMagazine Dupeless Version 2.0
PCMagazine WMatch Version 3.0
PHOTOfunSTUDIO 4.0
PhotoshopdotcomInspirationBrowser
PolyView 4.402
PowerDVD DX
PowerQuest PartitionMagic 8.0
QualXServ Service Agreement
Quicken 2009
QuickSet
QuickTime
Readiris Pro 12
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Skype web features
Skype™ 4.1
SmartSound Quicktracks for Premiere Elements
SmartSound Quicktracks for Premiere Elements
SmartSound Quicktracks for Premiere Elements 8.0
SmartSound Quicktracks for Premiere Elements 8.0
Sonic Encoders
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Video Capture USB
WD Anywhere Backup
WD Drive Manager (x86)
Windows Driver Package - Roxio Technology (USB28xxBGA) Media (11/14/2008 5.8.0912.1114)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
XPlay 3
- 03-12-2010 09:33 AM #4
Hi Art,
Sorry for the delay. I thought I had posted this but it seems I did not.
The logs you posted look clean, so let's run some deeper scans to see if you are infected.
Please copy the fix to Word, or print it, because you won't always have internet access!
Step 1: Download and Run DDS
Please download DDS and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double click on dds to run it.
When done, DDS.txt will open. Another file called Attach.txt will open after a short while. Please save these 2 files to your desktop as they will be deleted once you close them.
Step 2: Download and Run Gmer
Please download Gmer to your desktop and unzip it to your desktop.
http://www.gmer.net/gmer.zip
- Disconnect from internet and close running programs. There is a small chance this application may crash your computer so save any work you have open.
- Double click the .exe file. If asked to allow gmer.sys driver to load, please allow that.
- If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  - Sections
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the Save button, and in the File name area, type in "Gmer.txt" or it will save as a .log file.
- Save it where you can easily find it, such as your desktop.
Note: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Step 3: Post logs
Please post the following in a reply to this topic (use multiple posts if needed):
- DDS.txt
- Attach.txt
- Gmer log
Regards,
John.
- 03-12-2010 10:53 PM #5 Member
Attempted running DDS and Gmer
Hi John,
I printed off your instructions, downloaded DDS and ran it and saved the 2 files no problem. I will paste in their contents below. Then I tried to download and run Gmer.exe and ran into problems - twice it would run for a short time and then I would get a blue screen. When I rebooted the computer it came back up and sent an error report to Microsoft and then my browser opened and it told me to troubleshoot driver problems. I decided to try disabling my McAfee software while the Internet was disconnected (by disabling the radio on my laptop). I unchecked Sections and IAT/EAT as stated in the instructions. Only Drive C: was checked and Show All wasn't checked. Gmer.exe ran for 30 to 45 minutes going through files; the last I noticed, it was going through Adobe Photoshop Elements files when it blue screened again. This time when it recovered it was a more serious error message coming from Microsoft. Sorry, I forget the exact wording - but it was a new one on me. It had two scenarios: (1.) if this was the first time I received this message or (2.) if I had received the message before. I selected 1, and it told me I had serious hardware or software problems and to make sure I had everything backed up.
What now?
Pasting in the text files from DDS below.
Thanks.
Art
DDS (Ver_09-12-01.01) - NTFSx86
Run by Art at 18:36:51.95 on Fri 03/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.856 [GMT -6:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Magazine Utilities\Startup Cop Pro\StartupCopPro.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Internet Explorer\iexplore.exe
G:\Downloaded\DDS\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Startup Cop Pro Startup Launcher] "c:\program files\pc magazine utilities\startup cop pro\StartupCopPro.exe" /startup /Embedding
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [PhotoshopElements8SyncAgent] c:\program files\adobe\elements organizer 8.0\ElementsOrganizerSyncAgent.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: amazon.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237949628225
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237949726015
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 SpywareInfo.com
Hosts: 192.168.1.66 HP00187156F7C8
============= SERVICES / DRIVERS ===============
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-4-30 284416]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-12-27 136744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2009-6-14 8576]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2009-11-13 216064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-3 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-3 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-3 144704]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-3 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-25 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-25 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-25 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-25 40552]
R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2009-3-29 513152]
R3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2009-3-29 2688]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [2009-3-29 21016]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2009-3-20 386560]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-3-29 184320]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
=============== Created Last 30 ================
2010-03-11 05:55:06 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cac0df66bc6786.mof
2010-03-11 05:50:08 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cac0deb4c1fbbe.mof
2010-03-07 19:39:36 0 d-----w- c:\docume~1\art\applic~1\Malwarebytes
2010-03-07 19:39:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 19:39:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-07 19:39:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 19:39:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 05:53:45 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-07 05:50:58 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-07 05:50:58 0 d-----w- c:\docume~1\art\applic~1\SUPERAntiSpyware.com
2010-03-07 05:49:56 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-07 05:03:20 0 d-----w- c:\program files\Trend Micro
2010-03-04 05:17:14 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2010-03-04 05:17:06 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-04 05:16:57 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-03-04 05:16:56 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-03-04 05:16:56 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-03-04 05:16:55 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-03-04 05:16:55 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-03-04 05:16:54 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-03-04 05:16:46 94720 ----a-w- c:\windows\system32\dllcache\certmap.ocx
2010-03-04 04:32:13 10671 ----a-w- c:\windows\system32\Config.MPF
2010-03-04 04:02:58 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-04 04:02:36 0 d-----w- c:\program files\common files\McAfee
2010-03-04 04:02:35 0 d-----w- c:\program files\McAfee.com
2010-02-28 16:21:00 0 d-----w- c:\docume~1\art\applic~1\Aspell
2010-02-28 15:18:30 0 d-----w- c:\docume~1\art\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-21 03:11:45 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cab2a3995fea36.mof
2010-02-20 21:08:16 16 ----a-w- c:\documents and settings\art\.javafx_ping_sent
2010-02-20 21:08:14 0 ----a-w- c:\documents and settings\art\.javafx_eula_accepted
2010-02-20 08:30:01 0 d-----w- c:\program files\common files\Panasonic
2010-02-20 08:27:52 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-02-20 08:27:51 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-12 02:35:06 0 d-----w- c:\program files\MSECache
==================== Find3M ====================
2010-03-10 03:09:29 72096 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-03-06 06:54:30 123600 ----a-w- c:\windows\fonts\AdobeFnt07.lst
2010-03-03 05:50:21 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-03 05:50:16 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
============= FINISH: 18:37:48.93 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/24/2009 10:21:23 PM
System Uptime: 3/11/2010 10:00:37 AM (32 hours ago)
Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2161/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 46 GiB total, 9.111 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 59 GiB total, 12.652 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 154.835 GiB free.
X: is CDROM ()
Y: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP223: 12/31/2009 10:32:30 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP224: 1/1/2010 11:03:00 PM - System Checkpoint
RP225: 1/2/2010 8:51:02 PM - Update to an unsigned driver
RP226: 1/3/2010 11:01:55 PM - System Checkpoint
RP227: 1/4/2010 8:26:04 AM - Update to an unsigned driver
RP228: 1/5/2010 8:31:56 AM - System Checkpoint
RP229: 1/6/2010 9:31:55 AM - System Checkpoint
RP230: 1/6/2010 10:58:05 PM - Update to an unsigned driver
RP231: 1/7/2010 11:26:15 PM - System Checkpoint
RP232: 1/8/2010 10:00:08 PM - Software Distribution Service 3.0
RP233: 1/8/2010 10:21:11 PM - Software Distribution Service 3.0
RP234: 1/9/2010 10:30:58 AM - Update to an unsigned driver
RP235: 1/9/2010 12:17:13 PM - Update to an unsigned driver
RP236: 1/9/2010 9:03:05 PM - Update to an unsigned driver
RP237: 1/11/2010 10:21:04 AM - System Checkpoint
RP238: 1/12/2010 11:15:02 AM - System Checkpoint
RP239: 1/13/2010 9:21:52 AM - Software Distribution Service 3.0
RP240: 1/13/2010 10:39:01 PM - Software Distribution Service 3.0
RP241: 1/14/2010 8:18:02 AM - Software Distribution Service 3.0
RP242: 1/15/2010 8:27:08 AM - System Checkpoint
RP243: 1/15/2010 8:28:58 AM - Software Distribution Service 3.0
RP244: 1/16/2010 8:50:59 AM - System Checkpoint
RP245: 1/16/2010 6:53:21 PM - Software Distribution Service 3.0
RP246: 1/17/2010 12:59:41 AM - Software Distribution Service 3.0
RP247: 1/17/2010 6:53:09 PM - Software Distribution Service 3.0
RP248: 1/18/2010 6:53:19 PM - Software Distribution Service 3.0
RP249: 1/19/2010 6:52:48 PM - Software Distribution Service 3.0
RP250: 1/20/2010 1:00:21 PM - Software Distribution Service 3.0
RP251: 1/20/2010 6:53:04 PM - Software Distribution Service 3.0
RP252: 1/21/2010 6:53:13 PM - Software Distribution Service 3.0
RP253: 1/22/2010 1:00:19 PM - Software Distribution Service 3.0
RP254: 1/23/2010 10:06:18 AM - Software Distribution Service 3.0
RP255: 1/23/2010 9:04:37 PM - Update to an unsigned driver
RP256: 1/24/2010 9:43:06 PM - System Checkpoint
RP257: 1/25/2010 9:44:37 PM - System Checkpoint
RP258: 1/27/2010 3:00:55 AM - Software Distribution Service 3.0
RP259: 1/28/2010 2:12:15 PM - Software Distribution Service 3.0
RP260: 1/29/2010 3:48:29 AM - Update to an unsigned driver
RP261: 1/29/2010 9:28:22 PM - Software Distribution Service 3.0
RP262: 1/31/2010 10:42:54 AM - System Checkpoint
RP263: 2/1/2010 10:33:41 AM - Software Distribution Service 3.0
RP264: 2/1/2010 10:54:08 PM - Update to an unsigned driver
RP265: 2/2/2010 11:27:29 PM - System Checkpoint
RP266: 2/3/2010 1:02:31 PM - Update to an unsigned driver
RP267: 2/4/2010 1:10:42 PM - System Checkpoint
RP268: 2/4/2010 8:12:47 PM - Software Distribution Service 3.0
RP269: 2/5/2010 8:12:51 PM - Software Distribution Service 3.0
RP270: 2/6/2010 8:12:39 PM - Software Distribution Service 3.0
RP271: 2/7/2010 1:55:52 PM - Software Distribution Service 3.0
RP272: 2/7/2010 8:12:49 PM - Software Distribution Service 3.0
RP273: 2/8/2010 8:12:52 PM - Software Distribution Service 3.0
RP274: 2/9/2010 8:12:55 PM - Software Distribution Service 3.0
RP275: 2/9/2010 10:03:11 PM - Software Distribution Service 3.0
RP276: 2/9/2010 10:25:07 PM - Update to an unsigned driver
RP277: 2/10/2010 10:35:32 PM - System Checkpoint
RP278: 2/11/2010 8:35:17 PM - Installed Compatibility Pack for the 2007 Office system
RP279: 2/12/2010 11:49:54 AM - Software Distribution Service 3.0
RP280: 2/12/2010 8:19:43 PM - Update to an unsigned driver
RP281: 2/12/2010 8:36:56 PM - Update to an unsigned driver
RP282: 2/13/2010 8:46:22 PM - System Checkpoint
RP283: 2/14/2010 8:36:40 PM - Software Distribution Service 3.0
RP284: 2/15/2010 8:36:22 PM - Software Distribution Service 3.0
RP285: 2/15/2010 8:48:13 PM - Software Distribution Service 3.0
RP286: 2/16/2010 8:43:43 PM - Software Distribution Service 3.0
RP287: 2/17/2010 10:10:42 PM - System Checkpoint
RP288: 2/18/2010 9:12:34 AM - Software Distribution Service 3.0
RP289: 2/19/2010 12:34:21 PM - Software Distribution Service 3.0
RP290: 2/20/2010 2:27:43 AM - Installed PHOTOfunSTUDIO 4.0
RP291: 2/20/2010 1:00:22 PM - Software Distribution Service 3.0
RP292: 2/20/2010 8:46:42 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP293: 2/21/2010 9:05:37 PM - Software Distribution Service 3.0
RP294: 2/22/2010 10:35:26 PM - System Checkpoint
RP295: 2/23/2010 10:38:55 PM - System Checkpoint
RP296: 2/24/2010 8:26:48 AM - Software Distribution Service 3.0
RP297: 2/24/2010 1:00:21 PM - Software Distribution Service 3.0
RP298: 2/25/2010 1:21:18 PM - System Checkpoint
RP299: 2/25/2010 1:23:49 PM - Software Distribution Service 3.0
RP300: 2/26/2010 1:57:59 PM - Software Distribution Service 3.0
RP301: 2/27/2010 8:20:52 PM - System Checkpoint
RP302: 2/27/2010 10:27:32 PM - Software Distribution Service 3.0
RP303: 2/28/2010 11:25:32 PM - System Checkpoint
RP304: 3/1/2010 9:46:39 AM - Software Distribution Service 3.0
RP305: 3/2/2010 9:47:11 AM - Software Distribution Service 3.0
RP306: 3/3/2010 10:15:12 AM - System Checkpoint
RP307: 3/3/2010 5:02:30 PM - Software Distribution Service 3.0
RP308: 3/4/2010 7:02:04 PM - System Checkpoint
RP309: 3/5/2010 7:02:49 PM - System Checkpoint
RP310: 3/6/2010 12:43:39 AM - Installed Adobe Acrobat Elements 6.0
RP311: 3/6/2010 11:50:57 PM - Installed SUPERAntiSpyware Free Edition
RP312: 3/8/2010 1:26:02 AM - System Checkpoint
RP313: 3/9/2010 1:34:12 AM - System Checkpoint
RP314: 3/9/2010 9:21:09 PM - Update to an unsigned driver
RP315: 3/10/2010 10:16:08 PM - System Checkpoint
RP316: 3/10/2010 10:40:00 PM - Software Distribution Service 3.0
RP317: 3/11/2010 10:47:36 PM - System Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe Acrobat Elements 6.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Uploader
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Reader 9.3.1
AiO_Scan_CDA
AiOSoftwareNPI
AllMusicConverter 3.1.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Binary Boy
Bonjour
Broadcom Management Programs
BufferChm
C6100
c6100_Help
Carbonite Online Backup Setup
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Data Lifeguard Diagnostic for Windows
Destinations
DeviceManagementQFolder
Digital Line Detect
DirectXInstallService
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
eSupportQFolder
Fax_CDA
FileTouch 2.1
FullDPAppQFolder
GemMaster Mystic
GoToMeeting 4.1.0.366
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Product Detection
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
Intel(R) PROSet/Wireless Software
iTunes
iTunes Library Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
McAfee Virtual Technician
mCore
mDrWiFi
mHlpDell
Microlife BPA 3.1
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NewCopy_CDA
OCR Software by I.R.I.S 7.0
PanoStandAlone
PartitionMagic
PC Magazine Defrag-A-File 2.0.4
PC Magazine DiskPiePro 2.0
PC Magazine File Utility Pack
PC Magazine Startup Cop Pro 5.0
PCMagazine Dupeless Version 2.0
PCMagazine WMatch Version 3.0
PHOTOfunSTUDIO 4.0
PhotoGallery
PhotoshopdotcomInspirationBrowser
PolyView 4.402
PowerDVD DX
PowerQuest PartitionMagic 8.0
ProductContextNPI
QualXServ Service Agreement
Quicken 2009
QuickSet
QuickTime
RandMap
Readiris Pro 12
Readme
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SkinsHP1
Skype web features
Skype™ 4.1
SlideShow
SmartSound Quicktracks for Premiere Elements
SmartSound Quicktracks for Premiere Elements 8.0
SolutionCenter
Sonic Encoders
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Video Capture USB
WD Anywhere Backup
WD Drive Manager (x86)
WebFldrs XP
WebReg
Windows Driver Package - Roxio Technology (USB28xxBGA) Media (11/14/2008 5.8.0912.1114)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
XPlay 3
==== Event Viewer Messages From Past Week ========
3/7/2010 6:43:36 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/6/2010 12:04:47 AM, error: Service Control Manager [7022] - The M4iPodWPDService service hung on starting.
3/6/2010 1:14:05 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2010 11:54:43 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
3/10/2010 11:54:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4e2e000, parameter2 00000000, parameter3 8a2483de, parameter4 00000001.
==== End Of File ===========================
- 03-13-2010 01:46 AM #6
Is your PC working again or won't it run?
Sorry, I forget the exact wording - but it was a new one on me. It had two scenarios: (1.) if this was the first time I received this message or (2.) if I had received the message before. I selected 1, and it told me I had serious hardware or software problems and to make sure I had everything backed up.
- 03-13-2010 11:33 AM #7
It is working again. Still has the same performance issues we are trying to investigate, but other than that I don't think it is any worse. Doesn't appear I will be able to run Gmer.exe, at least in normal mode. Can it be run in safe mode, or is the whole purpose of it to run while booted up in a normal configuration (except no internet connection)?
Thanks for your help!
Art
- 03-13-2010 01:45 PM #8
Hi Art,
Glad to hear it booted. A lot of people I am helping lately have problems with Gmer so let's not try it again. Please download RootRepeal.zip from here & unzip it to your desktop.
- Double click RootRepeal.exe to start the program.
- Click the Report tab at the bottom of the program window.
- Click the Scan button.
- In the Select Scan dialog, check:
  - Drivers
  - Files
  - Processes
  - SSDT
  - Stealth Objects
  - Hidden Services
- Click the OK button.
- In the next dialog, select all drives showing.
- Click OK to start the scan. The scan can take some time. DO NOT run any other programs while the scan is running.
- When the scan is complete, the Save Report button will become available.
- Click this and save the report to your desktop as RootRepeal.txt
- Then go to File then Exit to close the program.
Please post the log.
Regards,
John.
- 03-13-2010 07:13 PM #9
RootRepeal results
Hi John,
I tried to download RootRepeal from the link you provided and it didn't work. So I googled it and came up with a site explaining it and providing download supposedly of the latest version. I downloaded RealRepeal.rar and couldn't do anything with it, so had to download a trial version of WinRar x86 to decompress it. That seemed to work fine. When I ran RootRepeal the first time (after configuring it as you directed) I first got an error msg "Invalid PE image found OK" so I clicked on Ok and the program ran generating a number of onscreen messages.
It listed a number of c:\..... temp\*.tmp files and hiberfile.sys plus a half dozen c:\.....local settings\temp\afx*.tmp files with the comments on the right side of the screen "allocation size mismatch (API:4096,Raw:0) x6 and (API:16384,Raw:0) x~13".
e:\....\hi Art to John2.doc with the comments on the right side of the screen "API:23388,Raw:8192"
Volume G:\ with the comments on the right side "MBR Rootkit detected"
Could not read the boot sector
Try adjusting the Disk Access level in the Options Dialog. OK
I pressed ENTER and it generated the following report:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/13 16:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB09CA000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA60E000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA602000 Size: 7936 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: MDFSYSNT.sys
Image Path: MDFSYSNT.sys
Address: 0xB9D39000 Size: 284416 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xAE565000 Size: 180608 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9E22000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAC815000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\windows\temp\mcmsc_8jbjybgxa9lonjf
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\mcmsc_s6rxvt22phadydh
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_qjrnwbaxgcwrghv
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_tyjojazdmxjfjia
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_ywj3yp9wobdyrdw
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_9x9ayuujp6vr0a7
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx10.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx16.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx17.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx6.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx7.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afx9.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afxa.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afxd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afxe.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\art\local settings\temp\afxf.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: e:\my documents\documents and settings\art's documents\computer and software stuff\hi art from john2.doc
Status: Allocation size mismatch (API: 12288, Raw: 8192)
Path: Volume G:\
Status: MBR Rootkit Detected!
SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xb0ae0320
Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8a262020]
Process: System Address: 0x8a2962a0 Size: 292
==EOF==
- 03-14-2010 11:49 AM #10
Hi,
Thanks for pointing out that the link is dead, I changed it now. The logs contained some suspicious things so let's run another scanner and check some files.
Step 1: Show your hidden files
To enable the viewing of Hidden files follow these steps:
- Close all programs so that you are at your desktop.
- Double-click on the My Computer icon (or click Start, then select My Computer)
- Select the Tools menu and click Folder Options.
- After the new window appears select the View tab.
- Put a checkmark in the checkbox labeled Display the contents of system folders.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- Press the Apply button and then the OK button and shut down My Computer.
Now your computer is configured to show all hidden files.
Step 2: Upload malware for scanning
I'd like you to check some files for malware.
- Go to VirusTotal or Jotti's
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
- Click Browse and browse to the destination of the first file in the above box.
- Click Send/Submit (if the file is present), and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programs.
- After a while, a window will open, with details of what the scans found.
- Save the complete results in a Notepad/Word document on your desktop.
- Repeat for all files on the list.
Step 3: Download and Run ComboFix
Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
If you have Avast as anti virus an additional thing has to be changed to make ComboFix work properly:

Go on with the ComboFix guide; when it opens its log, please post it.
Remember that the ComboFix log is also saved here: C:\ComboFix.txt
Regards,
John.




