TechSpot

Auto shutdown, trouble running any fix programs

By NEWB023
Jan 17, 2011
  1. HI all, wife was given laptop by friend we were told "it doesnt work has too many porn viruses" (haha!) ... Logged on was able to install, update, and run MBAM then it prompted a restart when i rebooted, system will not stay on for more than a few minutes... windows comes up, loads, then once all her 90,000 apps all finish loading (weather bug, desktop photo etc etc) the thing shuts off... appears to need everything updated including several important windows updates, needs new anti virus, is using only defender as a firewall...any tips?
    what should i tackle first? any ways to get it to stay on?
    thanks ahead of time!~!
    Rob
     
  2. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    update

    ok i got the thing to stay on in safe w networking mode...
    tried to run tfc first... it froze for over an hour so i stopped it and it pooped "desktop.ini" files everywhere....
    am going to attempt the 8 step in order and will post any logs i generate
    thanks and sorry if i jumped the gun
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If someone turned me on and I had 90,000 apps on my back-if I started up at all-I would soon crash!

    Seeing the desktop.ini file on the desktop usually indicated that the files and folders that should be hidden are showing:
    Control Panel> Folder Options> View tab> Check 'do not show hidden files and folders'> Check ''hide operating system files (Recommended)'> Apply> OK. Close Folder Options.

    You may not be able to load TFC at this point, so do a disk cleanup' instead.

    Right click on Start> Choose> Explore> Click on My Computer> Right click on Local Drive (C)> Properties> Uncheck 'Compress drive.............'> Uncheck 'Allow indexing.............'
    Then click on Disc Cleanup> follow the onscreen prompts.
    When finished> choose Tools tab> Defrag> Let the defrag run and reboot the computer when finished.

    Please give me information about the operating system and how much RAM is installed when you leave the logs.
     
  4. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    Logs...

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5544

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    1/17/2011 11:52:25 PM
    mbam-log-2011-01-17 (23-52-25).txt

    Scan type: Quick scan
    Objects scanned: 164474
    Time elapsed: 11 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Delete on reboot.
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\Users\new user\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.
    ....
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-18 00:36:21
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O
    Running: yoyehlde.exe; Driver: C:\Users\NEWUSE~1\AppData\Local\Temp\fgtdyfog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9865982E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x98659652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9865978C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A131F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\iaStor \Device\Ide\iaStor0 [88D836D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\iaStor0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort0 85A131F8
    Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 85A131F8
    Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [88D836D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device 85A151F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS

    ---- EOF - GMER 1.0.15 ----
     
  5. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    Logs pt 2

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/17/2007 6:55:51 PM
    System Uptime: 1/17/2011 11:55:13 PM (1 hours ago)

    Motherboard: Acer | | Nettiling
    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | uPGA-478 | 1467/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 51 GiB total, 1.873 GiB free.
    D: is FIXED (NTFS) - 51 GiB total, 8.406 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011E1025&REV_02\4&185174AE&0&00E2
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011E1025&REV_02\4&185174AE&0&00E2
    Service: b57nd60x

    ==== System Restore Points ===================

    RP1059: 1/17/2011 9:35:51 PM - Windows Update
    RP1060: 1/17/2011 10:26:35 PM - Windows Update
    RP1061: 1/17/2011 10:41:57 PM - Windows Update
    RP1062: 1/17/2011 10:46:32 PM - Windows Update
    RP1063: 1/17/2011 10:49:28 PM - Windows Update
    RP1064: 1/17/2011 10:53:06 PM - Windows Update
    RP1065: 1/17/2011 10:55:56 PM - Windows Update
    RP1066: 1/17/2011 10:58:36 PM - Windows Update
    RP1067: 1/17/2011 11:50:47 PM - Windows Update
    RP1068: 1/18/2011 12:13:59 AM - Removed Symantec AntiVirus.

    ==== Installed Programs ======================

    µTorrent
    AAC Decoder
    Acer Assist
    Acer Crystal Eye
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Ad-Aware
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.2
    Adobe Stock Photos 1.0
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoCAD 2009 Network License Activation Utility
    Autodesk CAD Manager Tools
    Autodesk Design Review 2009
    Autodesk DWF Viewer
    Autodesk Network License Manager
    AutoUpdate
    avast! Free Antivirus
    Bonjour
    Cisco Clean Access Agent
    Crystal Reports Basic for Visual Studio 2008
    D3DX10
    Data Lifeguard Diagnostic for Windows
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Dogpile Bundle Toolbar
    EuroTalk Talk Now!
    FrostWire 4.17.2
    Full Tilt Poker
    Galapago
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    H.264 Decoder
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 23
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Keyboarding Pro 4
    Launch Manager
    LightScribe 1.4.142.1
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Merriam-Webster
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    MKV Splitter
    Mobile Broadband Drivers
    MobileMe Control Panel
    Mozilla Firefox (3.5.15)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    OpenMG Jukebox
    PartyPoker
    Picasa 3
    Playsushi
    PokerStars
    PowerDVD
    PowerProducer 3.72
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    ShopAtHome.com Toolbar
    Skype Toolbars
    Skype™ 5.0
    Sport Bet Poker
    Sportsbook.com
    The Weather Channel Desktop 6
    TI Connect 1.6
    TI NoteFolio Creator
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    UTStarcom USB Modem Software
    VBA (2627.01)
    VC80CRTRedist - 8.0.50727.4053
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VLC media player 1.0.3
    Vuze
    WD Diagnostics
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/18/2011 12:01:27 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    1/17/2011 8:52:32 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ANJA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{415A3812-51BE-4A4F-A84B-D17EA5F924. The master browser is stopping or an election is being forced.
    1/17/2011 6:24:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Live Essentials 2011 (KB2434419).
    1/17/2011 11:55:37 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    1/17/2011 11:01:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2483110).
    1/17/2011 10:59:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 (KB2412171).

    ==== End Of File ===========================
    ...


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by new user at 0:45:21.99 on Tue 01/18/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.955 [GMT -8:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\BR040286.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SelectRebates\SelectRebates.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\NEWUSE~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\new user\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://en.us.acer.yahoo.com/
    uSEARCH PAGE = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [Google Update] "c:\users\new user\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [BisonInst0402] c:\windows\BR040286.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [eRecoveryService]
    mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
    mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
    mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    mRun: [SetPanel] c:\acer\apanel\APanel.cmd
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Skytel] Skytel.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NWEReboot]
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    StartupFolder: c:\users\newuse~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\users\newuse~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
    Trusted Zone: microsoft.com\office
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: eNetHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\newuse~1\appdata\roaming\mozilla\firefox\profiles\g6v6we0v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\users\new user\appdata\roaming\mozilla\firefox\profiles\g6v6we0v.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\new user\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\new user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\new user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: PlaySushi TextLinks : textlinks@playsushi.com - %profile%\extensions\textlinks@playsushi.com
    FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-10 42392]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-17 294608]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-30 50688]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-17 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-17 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-17 40384]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-8-30 32256]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-9 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-1 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-30 179712]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
    S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2008-7-17 84352]
    S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2008-7-17 14976]
    S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2008-7-17 110848]
    S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2008-7-17 90880]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    SUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]

    =============== Created Last 30 ================

    2011-01-18 07:51:58 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{95a0002c-4158-488f-ab81-2fff0fd06ecb}\mpengine.dll
    2011-01-18 06:40:23 -------- d-----w- c:\windows\en
    2011-01-18 06:32:22 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-01-18 06:32:22 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-01-18 06:32:21 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-01-18 06:32:01 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-01-17 12:08:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-17 12:08:42 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-01-17 12:06:26 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-17 12:06:25 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-17 12:06:24 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-17 12:06:24 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-17 12:06:24 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-17 12:06:24 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-17 12:06:19 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-17 12:00:49 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-01-17 11:20:36 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-17 11:20:32 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-17 11:20:28 -------- d-----w- c:\progra~2\Alwil Software
    2011-01-10 09:54:40 -------- d-----w- c:\users\newuse~1\appdata\roaming\Malwarebytes
    2011-01-10 09:54:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-10 09:54:28 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-10 09:54:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-10 09:54:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 0:46:33.07 ===============
    ...

    AS FAR AS THE H/W....sorry caps lock hahha
    its vista home premium laptop... the h/d is almost full but ive taken your disk cleanup inst.. and deleted alot of excess startus programs, done all the vital windows updates.. there are still 2 windows updates that keep failing but it did like 10 that it said were important. acting very stable now... hows it look based on the logs?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    IF you have uninstalled programs and taken processes off of Startup, I'm going to need some new logs to evaluate- if you can get them on the system:

    First, uninstall GMER and DDS> check in Add/Remove Programs. IF there are any logs for them on the desktop, do a right click> Delete.
    ============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ========================================
    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..

    Due to this comment> ""it doesnt work has too many porn viruses"" please don't be surprised if this ends with my recommendation to do a reformat/reinstall- which is what you should have done in the first place.
     
  7. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    thanks!~!

    thanks for the heads-up bobbye,
    a little bit of an update....apparently the battery stopped taking any kind of charge and we cannot get the thing to even turn on right now.... my wifes friend thought she had a backup battery... and took the thing back to try to get her personal photos and files off of it... so at the time being im kind of at an impass as far as being able to do any further work on it.. kind of frustrating as since i made it fairly stable the idea of her not wanting the laptop anymore kind of mutated into 'ill let you borrow it after i get my pics off.... thanks tone for the help and I hope this doesnt jeopardize my good standing on this site as a friendly albeit computer illiterate help seeker... thanks again bobbye!~!
    regards,
    r
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you for taking the time to update me. You got the short end of the straw! How strange it was that someone gave the computer up because "it doesnt work has too many porn viruses" and now wants it back to get their personal files and photos off of it.

    Surely you won't tell that person that they will infect a flash drive or the backup drive because they will get the pron and viruses with their docs and pictures.

    Life is strange sometimes and justice can work in mysterious ways!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...