Computer Hope
Topic started by: debwins on March 24, 2012, 08:01:11 PM
-
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.24.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tammy :: TAMMY-PC [administrator]
3/24/2012 6:30:40 PM
mbam-log-2012-03-24 (18-30-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225078
Time elapsed: 17 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/24/2012 at 09:18 PM
Application Version : 5.0.1146
Core Rules Database Version : 8377
Trace Rules Database Version: 6189
Scan type : Complete Scan
Total Scan Time : 01:14:55
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 620
Memory threats detected : 0
Registry items scanned : 34471
Registry threats detected : 0
File items scanned : 58192
File threats detected : 9
Adware.Tracking Cookie
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OBK6S21U.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JIQEAX2W.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\AC8R0ICC.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\HFOFSIO9.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8HXRL1V.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QAZTPKQV.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5DYSCY5X.txt [ Cookie:[email protected]/ ]
C:\USERS\TAMMY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F6S0RWE9.txt [ Cookie:[email protected]/adserving ]
s0.2mdn.net [ C:\USERS\TAMMY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HLQ5AWKY ]
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/14/2009 12:58:32 PM
System Uptime: 3/24/2012 5:59:07 PM (2 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) Dual Core Processor 4050e | Socket AM2 | 2100/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 153.826 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3ivx D4 4.5.1 Decoder (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92PP Soft Modem
AnalogX AutoTune
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
ASIO4ALL
Audacity 1.3.12 (Unicode)
AVG 2012
Bandoo
BFlix Toolbar
BigFix
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
Canon MP280 series MP Drivers
CCleaner
Chuzzle Deluxe
Cisco Connect
CommentsBar_-_Social_Comments Toolbar
Compatibility Pack for the 2007 Office system
Crossrider Web Apps
CyberLink LabelPrint
CyberLink Power2Go
Deluge 1.1.4
Digital Media Reader
Download Updater (AOL LLC)
Drumaxx
EA Download Manager
eMachines Games
eMachines Recovery Management
Facebook Video Calling 1.1.1.1
FL Studio 9
Free Realms
GameHouse
GearDrvs
Google Earth Plug-in
Google Update Helper
GTK2-Runtime
Hardwood Euchre
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Button Manager
HP Webcam User's Guide
IL Download Manager
iLivid
Insider Tales - The Stolen Venus
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Kies mini
kSolo Recorder
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
LSI PCI-SV92PP Soft Modem
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft Zoo Tycoon
Move Media Player
MyDefrag v4.3.1
MyRingToneServer
NVIDIA Drivers
OpenAL
Planet Horse Demo 1.0
PoiZone
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Safari
Sakura
SAMSUNG USB Driver for Mobile Phones
Sawer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
Softonic-Eng7 Toolbar
SUPERAntiSpyware
The Sims 2 Open For Business
The Sims 2 Pets
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Deluxe
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 University Life Collection
The Sims™ 3
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
3/24/2012 5:32:37 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
3/24/2012 5:27:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
3/24/2012 5:27:31 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2012 5:27:31 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/24/2012 3:53:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
3/24/2012 3:53:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2012 3:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/24/2012 3:53:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/24/2012 3:53:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/24/2012 3:53:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/24/2012 3:52:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/24/2012 3:52:33 PM, Error: EventLog [6008] - The previous system shutdown at 12:30:47 AM on 3/22/2012 was unexpected.
3/22/2012 12:24:59 AM, Error: EventLog [6008] - The previous system shutdown at 11:40:35 PM on 3/21/2012 was unexpected.
3/21/2012 11:25:43 PM, Error: EventLog [6008] - The previous system shutdown at 8:00:37 PM on 3/21/2012 was unexpected.
3/20/2012 3:44:29 PM, Error: EventLog [6008] - The previous system shutdown at 3:42:10 PM on 3/20/2012 was unexpected.
3/20/2012 3:42:10 PM, Error: EventLog [6008] - The previous system shutdown at 3:39:29 PM on 3/20/2012 was unexpected.
3/20/2012 3:32:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
3/20/2012 3:31:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/19/2012 8:34:34 AM, Error: EventLog [6008] - The previous system shutdown at 8:32:43 AM on 3/19/2012 was unexpected.
3/19/2012 4:21:40 PM, Error: EventLog [6008] - The previous system shutdown at 4:19:26 PM on 3/19/2012 was unexpected.
3/19/2012 3:53:10 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
3/18/2012 4:41:30 PM, Error: EventLog [6008] - The previous system shutdown at 3:47:58 PM on 3/18/2012 was unexpected.
3/18/2012 3:45:26 PM, Error: EventLog [6008] - The previous system shutdown at 3:43:04 PM on 3/18/2012 was unexpected.
3/18/2012 12:40:09 AM, Error: EventLog [6008] - The previous system shutdown at 11:58:06 PM on 3/17/2012 was unexpected.
3/18/2012 1:28:40 PM, Error: EventLog [6008] - The previous system shutdown at 1:26:41 PM on 3/18/2012 was unexpected.
3/17/2012 3:19:44 AM, Error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.
3/17/2012 12:33:00 AM, Error: EventLog [6008] - The previous system shutdown at 3:43:42 PM on 3/16/2012 was unexpected.
3/17/2012 11:58:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
3/17/2012 1:16:46 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
3/17/2012 1:16:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Tammy at 19:29:07 on 2012-03-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1393 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=acm50mtmhpunauthgreeting
uSearch Bar = Preserve
mStart Page = hxxp://search.entru.com/?s=21982
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom0.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
TB: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - No File
TB: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom0.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCW
lEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMTEwNjc0NzYxNi1CQSsxLUtWMys3LVhMKzEtVDEtVUNBTEwrMS1VQ0FMTDIrMi1UQjkrMi1GTCs5LVhP
MzYrMS1GOU03Qys1LUY5TTEwQisxLUY5TTIrMS1 GTDEwKzEtTElDKzItRERUKzQ4MDI5LUxTRCsyLU REMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBTisx
LUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUY xME0xMkFUQk4rMS1GMTBNMTJCKzEtU1QxMEZPSS sx"&"prod=90"&"ver=10.0.1411
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ABF127C2-0520-4364-BA2A-AAB26DA78954} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\bandoo\bndhook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-14 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca88d63856a6cc;Google Update Service (gupdate1ca88d63856a6cc);c:\program files\google\update\GoogleUpdate.exe [2009-12-29 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-29 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-12-4 12984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-24 20:17:24 -------- d-----w- c:\users\tammy\appdata\roaming\SUPERAntiSpyware.com
2012-03-24 20:16:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-24 20:16:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 05:28:28 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 05:28:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 05:28:27 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 05:28:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 05:28:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 05:28:27 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 05:28:26 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-17 05:28:06 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-17 05:28:06 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 00:25:22 73216 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAA.DLL
2012-03-13 00:25:22 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAA.DLL
2012-03-13 00:24:31 290816 ----a-w- c:\windows\system32\CNMLMAA.DLL
2012-03-13 00:22:15 307200 ----a-w- c:\windows\system32\CNC280L.dll
2012-03-13 00:22:15 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-03-13 00:22:15 1335296 ----a-w- c:\windows\system32\CNC280C.dll
2012-03-13 00:22:15 114688 ----a-w- c:\windows\system32\CNC280I.dll
2012-03-13 00:22:15 106496 ----a-w- c:\windows\system32\CNC280U.dll
2012-03-08 23:09:21 2180096 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
2012-03-08 23:09:21 204800 ----a-w- c:\windows\system32\LVUI2.dll
2012-03-08 23:09:21 1317152 ----a-w- c:\windows\system32\drivers\lvcm.sys
2012-03-08 23:09:20 372736 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-03-08 23:09:20 22016 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-03-08 23:09:20 204800 ----a-w- c:\windows\system32\lvcodec2.dll
2012-03-08 23:09:20 106496 ----a-w- c:\windows\system32\lvcoinst.dll
2012-03-08 22:55:15 53248 ----a-r- c:\windows\system32\InstMed.exe
2012-03-08 22:51:15 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-03-08 22:51:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-03-08 22:51:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-03-08 22:51:13 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-03-08 22:51:12 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-03-08 22:51:10 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-03-08 22:42:59 -------- d-----w- c:\program files\common files\Logitech
2012-03-08 22:42:10 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-07 13:12:19 -------- d-----w- c:\users\tammy\appdata\local\Logitech-LS
2012-03-06 21:16:01 462848 ----a-w- c:\windows\system32\LCamCpl.dll
2012-03-06 21:16:01 29795 ----a-w- c:\windows\system32\ITIG726.acm
2012-03-06 21:16:01 282624 ----a-w- c:\windows\system32\camcpl.cpl
2012-03-06 21:16:01 215552 ----a-w- c:\windows\system32\Lvkrn12n.dll
2012-03-06 21:16:00 86016 ----a-w- c:\windows\system32\vatee.ax
2012-03-06 21:16:00 628736 ----a-w- c:\windows\system32\ltocx12n.ocx
2012-03-06 21:16:00 192512 ----a-w- c:\windows\system32\ltscr12n.ocx
2012-03-06 21:15:59 90112 ----a-w- c:\windows\system32\LQCUI2.dll
2012-03-06 21:15:59 856064 ----a-w- c:\windows\system32\Ltwvc12n.dll
2012-03-06 21:15:59 78336 ----a-w- c:\windows\system32\lffax12n.dll
2012-03-06 21:15:59 466944 ----a-w- c:\windows\system32\QCUI2.dll
2012-03-06 21:15:59 406016 ----a-w- c:\windows\system32\ltkrn12n.dll
2012-03-06 21:15:59 328704 ----a-w- c:\windows\system32\LFCMP12n.DLL
2012-03-06 21:15:59 30720 ----a-w- c:\windows\system32\lfbmp12n.dll
2012-03-06 21:15:59 259072 ----a-w- c:\windows\system32\LTDIS12n.dll
2012-03-06 21:15:59 207872 ----a-w- c:\windows\system32\ltefx12n.dll
2012-03-06 21:15:59 164864 ----a-w- c:\windows\system32\ltimg12n.dll
2012-03-06 21:15:59 141312 ----a-w- c:\windows\system32\lftif12n.dll
2012-03-06 21:15:59 131072 ----a-w- c:\windows\system32\ltfil12n.DLL
2012-03-06 21:14:01 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-03-06 20:51:38 -------- d-----w- c:\users\tammy\appdata\roaming\FotoWire
2012-03-06 20:51:36 -------- d-----w- c:\program files\common files\FotoWire
2012-03-06 20:50:27 89088 ----a-w- c:\windows\system32\atl71.dll
2012-03-06 20:50:27 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2012-03-06 20:50:27 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2012-03-06 20:50:27 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2012-03-06 20:50:27 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2012-03-06 20:50:27 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2012-03-06 20:50:27 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2012-03-06 20:50:27 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2012-03-06 20:50:27 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2012-03-06 20:49:14 81920 ------w- c:\windows\bwUnin-6.1.4.68-8876480L.exe
.
==================== Find3M ====================
.
2012-03-24 22:57:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:29:52.30 ===============
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download BlueScreenView to your desktop.
BlueScreenView (http://www.nirsoft.net/utils/blue_screen_view.html)
Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
***************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
TB: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - No File
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
-
Sorry, for whatever reason I'm not sure if I downloaded it. When I open it, it reads bluescreenview.zip - WinRAR (evaluation copy)
-
In the blue screen view C:\windows\minidump there is nothing there.
-
In the blue screen view C:\windows\minidump there is nothing there.
Ok, let's continue with the cleaning.
Did you run the OTL script?
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Not sure what OTL script is, but I did do the ComboFix and here are the results.
ComboFix 12-03-27.02 - Tammy 03/27/2012 11:18:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1765 [GMT -4:00]
Running from: c:\users\Tammy\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bflixtoolbar\chrome\skin\logo-about.png
c:\program files\bflixtoolbar\chrome\skin\logo-over.png
c:\program files\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files\bflixtoolbar\chrome\skin\logo.png
c:\program files\bflixtoolbar\chrome\skin\mail.png
c:\program files\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files\bflixtoolbar\chrome\skin\modify-save.png
c:\program files\bflixtoolbar\chrome\skin\modify.png
c:\program files\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files\bflixtoolbar\chrome\skin\music.png
c:\program files\bflixtoolbar\chrome\skin\music_png
c:\program files\bflixtoolbar\chrome\skin\Myspace_png
c:\program files\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files\bflixtoolbar\chrome\skin\news.png
c:\program files\bflixtoolbar\chrome\skin\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options-search.png
c:\program files\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files\bflixtoolbar\chrome\skin\orange.gif
c:\program files\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files\bflixtoolbar\chrome\skin\pixsy.png
c:\program files\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files\bflixtoolbar\chrome\skin\protect-id.png
c:\program files\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files\bflixtoolbar\chrome\skin\rss-found.png
c:\program files\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files\bflixtoolbar\chrome\skin\rss.png
c:\program files\bflixtoolbar\chrome\skin\rssback.gif
c:\program files\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files\bflixtoolbar\chrome\skin\search-over.png
c:\program files\bflixtoolbar\chrome\skin\search.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\bflixtoolbar\chrome\skin\settings.png
c:\program files\bflixtoolbar\chrome\skin\shopping.png
c:\program files\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files\bflixtoolbar\chrome\skin\skin.xml
c:\program files\bflixtoolbar\chrome\skin\technorati.png
c:\program files\bflixtoolbar\chrome\skin\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files\bflixtoolbar\chrome\skin\translate.png
c:\program files\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files\bflixtoolbar\chrome\skin\tv_png
c:\program files\bflixtoolbar\chrome\skin\twitter_png
c:\program files\bflixtoolbar\chrome\skin\vmn.css
c:\program files\bflixtoolbar\chrome\skin\vmn.png
c:\program files\bflixtoolbar\chrome\skin\Weather_png
c:\program files\bflixtoolbar\chrome\skin\web.png
c:\program files\bflixtoolbar\chrome\skin\websearch.png
c:\program files\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files\bflixtoolbar\chrome\skin\yellow.gif
c:\program files\bflixtoolbar\chrome\skin\youtube.png
c:\program files\bflixtoolbar\chrome\skin\zoom.png
c:\program files\bflixtoolbar\components\windowmediator.js
c:\program files\bflixtoolbar\install.ico
c:\program files\bflixtoolbar\manifest.xml
c:\program files\bflixtoolbar\partner.xml
c:\program files\bflixtoolbar\uninstall.exe
c:\program files\bflixtoolbar\vmntemplate.dll
c:\program files\bflixtoolbar\vmntemplateX.dll
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 15:30 . 2012-03-27 15:30 -------- d-----w- c:\users\Tammy\AppData\Local\temp
2012-03-27 15:10 . 2012-03-27 15:10 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-25 19:04 . 2012-03-25 19:50 -------- d-----w- c:\program files\NirSoft
2012-03-25 18:20 . 2012-03-25 18:20 -------- d-----w- c:\program files\Trend Micro
2012-03-24 20:17 . 2012-03-24 20:17 -------- d-----w- c:\users\Tammy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-24 20:16 . 2012-03-24 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-24 20:16 . 2012-03-24 20:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-17 05:28 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 05:28 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 05:28 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 05:28 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 05:28 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 05:28 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 05:28 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-17 05:28 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-17 05:28 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 00:25 . 2012-03-13 00:25 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-03-13 00:25 . 2012-03-13 00:25 -------- d--h--w- c:\programdata\CanonBJ
2012-03-13 00:25 . 2010-08-25 09:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAA.DLL
2012-03-13 00:25 . 2010-08-25 09:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAA.DLL
2012-03-13 00:24 . 2010-08-25 09:00 290816 ----a-w- c:\windows\system32\CNMLMAA.DLL
2012-03-13 00:22 . 2010-03-18 23:25 307200 ----a-w- c:\windows\system32\CNC280L.dll
2012-03-13 00:22 . 2010-03-18 21:12 1335296 ----a-w- c:\windows\system32\CNC280C.dll
2012-03-13 00:22 . 2010-03-18 21:12 114688 ----a-w- c:\windows\system32\CNC280I.dll
2012-03-13 00:22 . 2010-03-18 21:11 106496 ----a-w- c:\windows\system32\CNC280U.dll
2012-03-13 00:22 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-03-10 02:53 . 2012-03-10 02:53 -------- d-----w- c:\program files\Common Files\Skype
2012-03-08 23:09 . 2005-05-27 09:32 1317152 ----a-w- c:\windows\system32\drivers\lvcm.sys
2012-03-08 23:09 . 2005-05-27 09:29 204800 ----a-w- c:\windows\system32\LVUI2.dll
2012-03-08 23:09 . 2005-05-27 09:23 2180096 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
2012-03-08 23:09 . 2005-05-27 09:36 372736 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-03-08 23:09 . 2005-05-27 09:31 22016 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-03-08 23:09 . 2005-05-27 09:26 204800 ----a-w- c:\windows\system32\lvcodec2.dll
2012-03-08 23:09 . 2005-05-27 09:19 106496 ----a-w- c:\windows\system32\lvcoinst.dll
2012-03-08 22:55 . 2005-07-19 21:31 53248 ----a-r- c:\windows\system32\InstMed.exe
2012-03-08 22:51 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-03-08 22:51 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-03-08 22:51 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-03-08 22:51 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-03-08 22:51 . 2012-03-08 22:51 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-03-08 22:51 . 2012-03-08 22:51 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-03-08 22:42 . 2012-03-08 22:42 -------- d-----w- c:\program files\Common Files\Logitech
2012-03-08 22:42 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-07 13:12 . 2012-03-07 13:12 -------- d-----w- c:\users\Tammy\AppData\Local\Logitech-LS
2012-03-06 21:16 . 2005-06-08 19:13 282624 ----a-w- c:\windows\system32\camcpl.cpl
2012-03-06 21:16 . 2005-06-08 19:12 462848 ----a-w- c:\windows\system32\LCamCpl.dll
2012-03-06 21:16 . 2005-06-08 18:31 215552 ----a-w- c:\windows\system32\Lvkrn12n.dll
2012-03-06 21:16 . 2003-06-10 00:39 29795 ----a-w- c:\windows\system32\ITIG726.acm
2012-03-06 21:16 . 2005-06-08 18:31 628736 ----a-w- c:\windows\system32\ltocx12n.ocx
2012-03-06 21:16 . 2005-06-08 18:31 192512 ----a-w- c:\windows\system32\ltscr12n.ocx
2012-03-06 21:16 . 2005-06-08 14:45 86016 ----a-w- c:\windows\system32\vatee.ax
2012-03-06 21:15 . 2005-06-08 18:41 466944 ----a-w- c:\windows\system32\QCUI2.dll
2012-03-06 21:15 . 2005-06-08 18:38 90112 ----a-w- c:\windows\system32\LQCUI2.dll
2012-03-06 21:15 . 2005-06-08 18:31 856064 ----a-w- c:\windows\system32\Ltwvc12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 406016 ----a-w- c:\windows\system32\ltkrn12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 259072 ----a-w- c:\windows\system32\LTDIS12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 207872 ----a-w- c:\windows\system32\ltefx12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 164864 ----a-w- c:\windows\system32\ltimg12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 131072 ----a-w- c:\windows\system32\ltfil12n.DLL
2012-03-06 21:15 . 2005-06-08 18:31 141312 ----a-w- c:\windows\system32\lftif12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 78336 ----a-w- c:\windows\system32\lffax12n.dll
2012-03-06 21:15 . 2005-06-08 18:31 328704 ----a-w- c:\windows\system32\LFCMP12n.DLL
2012-03-06 21:15 . 2005-06-08 18:31 30720 ----a-w- c:\windows\system32\lfbmp12n.dll
2012-03-06 21:14 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-03-06 20:51 . 2012-03-06 20:51 -------- d-----w- c:\users\Tammy\AppData\Roaming\FotoWire
2012-03-06 20:51 . 2012-03-06 20:51 -------- d-----w- c:\program files\Common Files\FotoWire
2012-03-06 20:50 . 2003-03-19 01:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2012-03-06 20:50 . 2003-03-19 01:44 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2012-03-06 20:50 . 2003-03-19 01:44 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2012-03-06 20:50 . 2003-03-19 01:44 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2012-03-06 20:50 . 2003-03-19 01:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2012-03-06 20:50 . 2003-03-19 01:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2012-03-06 20:50 . 2003-03-19 01:44 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2012-03-06 20:50 . 2003-03-19 01:44 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2012-03-06 20:50 . 2003-03-19 00:05 89088 ----a-w- c:\windows\system32\atl71.dll
2012-03-06 20:49 . 2012-03-24 22:15 -------- d-----w- c:\program files\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 22:57 . 2011-12-05 17:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3192b808-ec27-4332-b6c6-97f82692cad5}]
2010-03-17 19:45 2355224 ----a-w- c:\program files\CommentsBar_-_Social_Comments\tbCom0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2009-09-23 15:50 2261016 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3192b808-ec27-4332-b6c6-97f82692cad5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom0.dll" [2010-03-17 2355224]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
.
[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3192B808-EC27-4332-B6C6-97F82692CAD5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom0.dll" [2010-03-17 2355224]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
.
[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13949544]
.
c:\users\danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Magic-i.lnk
backup=c:\windows\pss\Magic-i.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-08 21:16 137536 ----atw- c:\users\Tammy\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 21:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 19:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 19:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 21:32 221184 ----a-w- c:\windows\System32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 18:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-27 21:47 92776 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-23 18:25 6183456 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-430488695-2980144448-114892399-1000Core.job
- c:\users\Tammy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-08 21:16]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-430488695-2980144448-114892399-1000UA.job
- c:\users\Tammy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-08 21:16]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 22:28]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=acm50mtmhpunauthgreeting
mStart Page = hxxp://search.entru.com/?s=21982
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Google Update - c:\users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-bflixtoolbar - c:\program files\bflixtoolbar\uninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-03_Swallowtail - c:\users\Tammy\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\users\Tammy\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\04_semseyite\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 11:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,9c,dd,8e,25,45,a5,4b,bc,5d,87,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,9c,dd,8e,25,45,a5,4b,bc,5d,87,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-27 11:32:28
ComboFix-quarantined-files.txt 2012-03-27 15:32
.
Pre-Run: 206,620,495,872 bytes free
Post-Run: 206,598,287,360 bytes free
.
- - End Of File - - DDB6D06F8E3ADDC9DAEFD2D0AADA2407
-
P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
****************************************************
Please download: HiJackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.
- Double Click the HijackThis icon, located on your Desktop.
- By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
- Accept the license agreement.
- Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
***************************************************
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
*****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Thank you so much for your help. I went to Control Panel and Programs and looked for P2P and LimeWire but I could not find either one of these programs to uninstall. Could they be under another name? Also I will do all of the other information that you have given me and again I really appreciate this. The kids must have installed the P2P and LimeWire; please tell me what to look for. Thank you
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8EBD9000
Module End: 8EBE3000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8A3C5000
Module End: 8A3E9000
Hidden: Yes
Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: 9E7F7000
Module End: 9E7F9000
Hidden: Yes
Module Name: \??\C:\Users\Tammy\AppData\Local\Temp\catchme.sys
Service Name: catchme
Module Base: 9E600000
Module End: 9E608000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwNotifyChangeKey
Address: E049C004
Driver Base: E049B000
Driver End: E049E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwNotifyChangeMultipleKeys
Address: E049C0D4
Driver Base: E049B000
Driver End: E049E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwOpenProcess
Address: E049BD76
Driver Base: E049B000
Driver End: E049E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwTerminateProcess
Address: E049BE1E
Driver Base: E049B000
Driver End: E049E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwTerminateThread
Address: E049BEBA
Driver Base: E049B000
Driver End: E049E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwWriteVirtualMemory
Address: E049BF56
Driver Base: E049B000
Driver End: E049E000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No hidden files/folders found
-
Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
-
Went to Control Panel and Programs and looked for P2P and LimeWire, but I could not find either one of these programs to uninstall.
I saw it here:
c:\users\danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe
If you can't find it in Programs and Features you could look in your C drive under program files.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I ran the ESET scan and it came up with 2 threats, but I can't find the file to post it. I ran another scan and there weren't any threats.
-
I ran the ESET scan and it came up with 2 threats, but I can't find the file to post it. I ran another scan and there weren't any threats.
Ok. How's your computer running? Any other issues before we clean up?
-
So far the computer hasn't crashed ;D but it is still running slow, and when I take programs off of startup they keep coming back. I have unchecked them many times, applied, and restarted, but they come back. Also, I click on normal startup but it returns to selective startup. Again, your help is greatly appreciated. Thanks
-
when I take programs off of startup they keep coming back. I have unchecked them many times, applied, and restarted, but they come back.
I'm not sure I understand this. Are you talking about startup? If so, you could try running StartUpLite. It will allow you to pick which programs you want in startup.
StartupLite
Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
-
Thanks for the info for startup. Computer still hasn't crashed ;D, but still running somewhat slow.
-
Thanks for the info for startup. Computer still hasn't crashed ;D, but still running somewhat slow.
How much RAM do you have on that computer?
-
3gig
-
3gig
Ok, that's not the problem. Let's try something else.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 18:23:45
-----------------------------
18:23:45.640 OS Version: Windows 6.0.6002 Service Pack 2
18:23:45.641 Number of processors: 2 586 0x6B02
18:23:45.642 ComputerName: TAMMY-PC UserName: Tammy
18:23:50.133 Initialize success
18:24:12.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
18:24:12.818 Disk 0 Vendor: ST332081 SD23 Size: 305245MB BusType: 6
18:24:12.855 Disk 0 MBR read successfully
18:24:12.861 Disk 0 MBR scan
18:24:12.867 Disk 0 unknown MBR code
18:24:12.894 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
18:24:12.916 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295003 MB offset 20973568
18:24:12.938 Disk 0 scanning sectors +625140400
18:24:13.073 Disk 0 scanning C:\Windows\system32\drivers
18:24:25.800 Service scanning
18:24:43.331 Modules scanning
18:25:18.481 Disk 0 trace - called modules:
18:25:18.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
18:25:18.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866ce9f8]
18:25:18.527 3 CLASSPNP.SYS[8a3a08b3] -> nt!IofCallDriver -> [0x85a885f8]
18:25:18.535 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\00000060[0x85640b88]
18:25:18.542 Scan finished successfully
18:26:43.744 Disk 0 MBR has been saved successfully to "C:\Users\Tammy\Desktop\MBR.dat"
18:26:43.751 The log file has been saved successfully to "C:\Users\Tammy\Desktop\aswMBR.txt"
-
:'( BUMMER computer crashed again, but I did get file of Blue Screen ;)
Dump File : Mini040112-02.dmp
Crash Time : 4/1/2012 7:41:59 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8261a85e
Parameter 3 : 0x8ad6b8cc
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+1df85e
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+1df85e
Stack Address 1 : ntkrnlpa.exe+1df9d3
Stack Address 2 : ntkrnlpa.exe+1df1d4
Stack Address 3 : ntkrnlpa.exe+1de6d6
Computer Name :
Full Path : C:\Windows\Minidump\Mini040112-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 135,208
==================================================
==================================================
Dump File : Mini040112-01.dmp
Crash Time : 4/1/2012 12:38:22 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000000
Parameter 2 : 0x000000a0
Parameter 3 : 0x00000008
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini040112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,696
==================================================
==================================================
Dump File : Mini032712-01.dmp
Crash Time : 3/27/2012 10:51:36 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00041284
Parameter 2 : 0x0c6d4001
Parameter 3 : 0x00003b64
Parameter 4 : 0xc0802000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+63746
Stack Address 2 : ntkrnlpa.exe+63994
Stack Address 3 : ntkrnlpa.exe+b624c
Computer Name :
Full Path : C:\Windows\Minidump\Mini032712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,696
==================================================
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
Thank-You!!!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: eMachines
System Product Name: ET1161-07
Logical Drives Mask: 0x000001f4
Kernel Drivers (total 147):
Processes (total 77):
0 System Idle Process
4 System
7160 C:\Windows\System32\smss.exe
7196 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
7232 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
7448 csrss.exe
7508 C:\Windows\System32\wininit.exe
7520 csrss.exe
7556 C:\Windows\System32\services.exe
7596 C:\Windows\System32\lsass.exe
7604 C:\Windows\System32\lsm.exe
7648 C:\Windows\System32\winlogon.exe
7804 C:\Windows\System32\svchost.exe
7852 C:\Windows\System32\nvvsvc.exe
7884 C:\Windows\System32\svchost.exe
7972 C:\Windows\System32\svchost.exe
8028 C:\Windows\System32\svchost.exe
8064 C:\Windows\System32\svchost.exe
8180 C:\Windows\System32\audiodg.exe
1360 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\SLsvc.exe
1488 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\nvvsvc.exe
728 C:\Windows\System32\spoolsv.exe
1080 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\taskeng.exe
636 C:\Windows\System32\dwm.exe
972 C:\Windows\System32\taskeng.exe
1132 C:\Windows\explorer.exe
2716 C:\Program Files\SUPERAntiSpyware\SASCore.exe
2756 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
2796 C:\Windows\System32\agrsmsvc.exe
2860 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2900 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
2964 C:\Program Files\Bonjour\mDNSResponder.exe
3020 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
3420 C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
3588 C:\Windows\System32\svchost.exe
3652 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3940 C:\Windows\System32\svchost.exe
4036 C:\Windows\System32\svchost.exe
4136 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
4200 C:\Windows\System32\SearchIndexer.exe
4328 C:\Program Files\Bandoo\Bandoo.exe
4616 C:\Program Files\AVG\AVG2012\avgnsx.exe
4632 C:\Program Files\AVG\AVG2012\avgemcx.exe
4696 C:\Program Files\AVG\AVG2012\avgidsagent.exe
5464 WUDFHost.exe
6668 C:\Program Files\AVG\AVG2012\avgtray.exe
6788 C:\Windows\RtHDVCpl.exe
6868 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
6916 C:\Windows\System32\rundll32.exe
1444 C:\Windows\System32\LVCOMSX.EXE
1460 C:\Program Files\Logitech\Video\LogiTray.exe
1492 C:\Program Files\iTunes\iTunesHelper.exe
1508 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
1532 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
1548 C:\Windows\ehome\ehtray.exe
1564 C:\Program Files\Skype\Phone\Skype.exe
1636 C:\Program Files\HP\Button Manager\BM.exe
1652 C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
1884 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1932 C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
360 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
424 C:\Windows\ehome\ehmsas.exe
2224 C:\Program Files\iPod\bin\iPodService.exe
2368 C:\Program Files\Internet Explorer\iexplore.exe
2480 C:\Program Files\Internet Explorer\iexplore.exe
2552 C:\Windows\System32\svchost.exe
5644 C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
8148 C:\Windows\System32\SearchProtocolHost.exe
1004 C:\Windows\System32\SearchFilterHost.exe
648 C:\Program Files\Internet Explorer\iexplore.exe
1236 dllhost.exe
6628 dllhost.exe
6636 C:\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30PNJ679\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
PhysicalDrive0 Model Number: ST3320813AS, Rev: SD23
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C7
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
-
Please Boot to the System Recovery Options (http://www.sevenforums.com/tutorials/668-system-recovery-options.html)
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...
NOTE. If none of the above apply you can create a System Repair Disc (link in "Option two") and boot from it.
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
bootrec /fixboot (<--- there is a "space" after "bootrec")
exit
Restart computer.
Please run MBRCheck.exe again after doing the above and post the log.
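To see what the repair above actually changed, the sector that aswMBR saved to MBR.dat can be compared with a copy taken after bootrec /fixmbr. This is an added example, not part of the original post or of any tool named in the thread: it parses a classic 512-byte MBR and hashes the 440-byte boot code area (whether MBRCheck hashes the same range is not stated in the thread). The sample sectors are constructed; they carry the partition layout from the aswMBR log with placeholder boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area, bytes 0-439
DISK_SIG_OFF = 440         # 4-byte Windows disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR is 512 bytes; got %d" % len(sector))
    sector = bytes(sector[:SECTOR_SIZE])
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "number": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "size_mb": sector_count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_mbr(before, after):
    """Report which parts of the MBR differ between two saved sectors."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha1"] != b["boot_code_sha1"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def build_sample_mbr(boot_code):
    """Constructed sample sector: placeholder boot code plus the partition
    layout shown in the aswMBR log (type 27 at offset 2048, 10240 MB;
    active type 07 at offset 20973568, 295003 MB). CHS fields are zeroed
    and the disk signature is made up."""
    def entry(status, ptype, lba_start, size_mb):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                           lba_start, size_mb * 2048)
    table = (entry(0x00, 0x27, 2048, 10240)
             + entry(0x80, 0x07, 20973568, 295003)
             + bytes(32))
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    return code + struct.pack("<I", 0x12345678) + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed stand-ins for "MBR.dat before repair" and "MBR after repair".
BEFORE = build_sample_mbr(b"constructed boot code, before repair")
AFTER = build_sample_mbr(b"constructed boot code, after repair")

if __name__ == "__main__":
    for part in parse_mbr(BEFORE)["partitions"]:
        print(part)
    print(compare_mbr(BEFORE, AFTER))
```

On a real system, read the two sectors from the saved files (for example `open("MBR.dat", "rb").read()`) instead of the constructed samples; a repair that rewrites only the boot code should leave the partition table and disk signature unchanged.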
-
Thanks Again you are wonderful for helping me so much ;D
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: eMachines
System Product Name: ET1161-07
Logical Drives Mask: 0x000001f4
Kernel Drivers (total 147):
Processes (total 79):
0 System Idle Process
4 System
2536 C:\Windows\System32\smss.exe
2464 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
2392 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
1172 csrss.exe
980 C:\Windows\System32\wininit.exe
900 csrss.exe
740 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
1168 C:\Windows\System32\winlogon.exe
736 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\nvvsvc.exe
416 C:\Windows\System32\svchost.exe
2024 C:\Windows\System32\svchost.exe
1888 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\audiodg.exe
1496 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\SLsvc.exe
1372 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\nvvsvc.exe
1724 C:\Windows\System32\svchost.exe
640 C:\Windows\System32\spoolsv.exe
608 C:\Windows\System32\taskeng.exe
712 C:\Windows\System32\dwm.exe
904 C:\Windows\System32\svchost.exe
1224 C:\Windows\explorer.exe
4548 C:\Windows\System32\taskeng.exe
5044 C:\Program Files\SUPERAntiSpyware\SASCore.exe
5084 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
5124 C:\Windows\System32\agrsmsvc.exe
5188 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
5228 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
5292 C:\Program Files\Bonjour\mDNSResponder.exe
5348 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
5676 C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
5868 C:\Windows\System32\svchost.exe
5900 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
6140 C:\Windows\System32\svchost.exe
4324 C:\Windows\System32\svchost.exe
4048 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
4208 C:\Windows\System32\SearchIndexer.exe
3988 C:\Program Files\Bandoo\Bandoo.exe
3684 C:\Program Files\AVG\AVG2012\avgidsagent.exe
3408 C:\Program Files\AVG\AVG2012\avgnsx.exe
3360 C:\Program Files\AVG\AVG2012\avgemcx.exe
4664 WUDFHost.exe
1068 C:\Program Files\AVG\AVG2012\avgtray.exe
1260 C:\Windows\RtHDVCpl.exe
2076 C:\Windows\System32\rundll32.exe
2156 C:\Windows\System32\mobsync.exe
2292 C:\Windows\System32\LVCOMSX.EXE
2308 C:\Program Files\Logitech\Video\LogiTray.exe
2340 C:\Program Files\iTunes\iTunesHelper.exe
2356 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
2412 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2428 C:\Windows\ehome\ehtray.exe
2516 C:\Program Files\Skype\Phone\Skype.exe
2644 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2900 C:\Program Files\HP\Button Manager\BM.exe
2924 C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
2988 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3260 C:\Windows\ehome\ehmsas.exe
3316 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
5288 C:\Program Files\iPod\bin\iPodService.exe
800 C:\Windows\System32\svchost.exe
4532 C:\Program Files\Internet Explorer\iexplore.exe
4660 C:\Program Files\Internet Explorer\iexplore.exe
5956 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
4064 C:\Program Files\Internet Explorer\iexplore.exe
3764 C:\Windows\System32\SearchProtocolHost.exe
748 WmiPrvSE.exe
4880 C:\Program Files\AVG\AVG2012\avgmfapx.exe
5672 C:\Windows\servicing\TrustedInstaller.exe
3544 dllhost.exe
4516 dllhost.exe
428 C:\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S86HASQ3\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
PhysicalDrive0 Model Number: ST3320813AS, Rev: SD23
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
??? As soon as I did the command prompt and ran the MBA again the computer crashed. :'(
-
Mini040412-01.dmp 4/4/2012 12:00:23 PM MEMORY_MANAGEMENT 0x0000001a 0x00005003 0x8a400000 0x00001ae9 0x01ae75c2 hal.dll hal.dll+770c Hardware Abstraction Layer DLL Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18005 (lh_sp2rtm.090410-1830) 32-bit ntkrnlpa.exe+cdb3f ntkrnlpa.exe+5fb76 ntkrnlpa.exe+bc727 ntkrnlpa.exe+1e8ced C:\Windows\Minidump\Mini040412-01.dmp 2 15 6002 135,208
Mini040312-01.dmp 4/3/2012 3:04:57 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x8262fe25 0xb1aab7f4 0x00000000 nvlddmkm.sys nvlddmkm.sys+67572 NVIDIA Windows Kernel Mode Driver, Version 191.07 NVIDIA Windows Kernel Mode Driver, Version 191.07 NVIDIA Corporation 8.16.11.9107 32-bit ntkrnlpa.exe+218e25 ntkrnlpa.exe+279c3 ntkrnlpa.exe+4b83a C:\Windows\Minidump\Mini040312-01.dmp 2 15 6002 155,696
Mini040112-02.dmp 4/1/2012 7:41:59 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x8261a85e 0x8ad6b8cc 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+1df85e NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+1df85e ntkrnlpa.exe+1df9d3 ntkrnlpa.exe+1df1d4 ntkrnlpa.exe+1de6d6 C:\Windows\Minidump\Mini040112-02.dmp 2 15 6002 135,208
Mini040112-01.dmp 4/1/2012 12:38:22 PM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x00000000 0x000000a0 0x00000008 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+4dfd9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+4dfd9 C:\Windows\Minidump\Mini040112-01.dmp 2 15 6002 155,696
Mini032712-01.dmp 3/27/2012 10:51:36 AM MEMORY_MANAGEMENT 0x0000001a 0x00041284 0x0c6d4001 0x00003b64 0xc0802000 ntkrnlpa.exe ntkrnlpa.exe+cdb3f NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+cdb3f ntkrnlpa.exe+63746 ntkrnlpa.exe+63994 ntkrnlpa.exe+b624c C:\Windows\Minidump\Mini032712-01.dmp 2 15 6002 155,696
-
It looks like the MBR has been fixed.
Download BlueScreenView to your desktop.
BlueScreenView (http://www.nirsoft.net/utils/blue_screen_view.html)
Unzip the downloaded file and double-click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
-
Thank you for the MBA fix, I appreciate it very much.
==================================================
Dump File : Mini040412-01.dmp
Crash Time : 4/4/2012 12:00:23 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00005003
Parameter 2 : 0x8a400000
Parameter 3 : 0x00001ae9
Parameter 4 : 0x01ae75c2
Caused By Driver : hal.dll
Caused By Address : hal.dll+770c
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+5fb76
Stack Address 2 : ntkrnlpa.exe+bc727
Stack Address 3 : ntkrnlpa.exe+1e8ced
Computer Name :
Full Path : C:\Windows\Minidump\Mini040412-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 135,208
==================================================
==================================================
Dump File : Mini040312-01.dmp
Crash Time : 4/3/2012 3:04:57 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8262fe25
Parameter 3 : 0xb1aab7f4
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+67572
File Description : NVIDIA Windows Kernel Mode Driver, Version 191.07
Product Name : NVIDIA Windows Kernel Mode Driver, Version 191.07
Company : NVIDIA Corporation
File Version : 8.16.11.9107
Processor : 32-bit
Crash Address : ntkrnlpa.exe+218e25
Stack Address 1 : ntkrnlpa.exe+279c3
Stack Address 2 : ntkrnlpa.exe+4b83a
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini040312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,696
==================================================
==================================================
Dump File : Mini040112-02.dmp
Crash Time : 4/1/2012 7:41:59 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8261a85e
Parameter 3 : 0x8ad6b8cc
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+1df85e
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+1df85e
Stack Address 1 : ntkrnlpa.exe+1df9d3
Stack Address 2 : ntkrnlpa.exe+1df1d4
Stack Address 3 : ntkrnlpa.exe+1de6d6
Computer Name :
Full Path : C:\Windows\Minidump\Mini040112-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 135,208
==================================================
==================================================
Dump File : Mini040112-01.dmp
Crash Time : 4/1/2012 12:38:22 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000000
Parameter 2 : 0x000000a0
Parameter 3 : 0x00000008
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini040112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,696
==================================================
==================================================
Dump File : Mini032712-01.dmp
Crash Time : 3/27/2012 10:51:36 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00041284
Parameter 2 : 0x0c6d4001
Parameter 3 : 0x00003b64
Parameter 4 : 0xc0802000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+63746
Stack Address 2 : ntkrnlpa.exe+63994
Stack Address 3 : ntkrnlpa.exe+b624c
Computer Name :
Full Path : C:\Windows\Minidump\Mini032712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,696
==================================================
-
Please do this even if you don't have the OS disk.
Do you have your OS CD/DVD?
If so,
1/ Click the Start button.
2/ From the Start Menu, Click All programs followed by Accessories.
3/ In the Accessories menu, Right Click on the Command Prompt option.
4/ From the drop down menu that appears, Click on the Run as administrator option.
5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.
6/ In the Command Prompt window, type: sfc /scannow and then press Enter.
7/ A message will appear stating that the system scan will begin.
8/ Be patient because the scan may take some time.
9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.
10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.
11/ After the scan has completed, Close the command prompt window.
-
I ran the sfc scan and it read there were corrupt files and was unable to fix some of them. Computer didn't come with any disks, but I downloaded 2 recovery factory default disc and 1 driver and application backup disc from the computer. Do I need to use these on the computer? Also will I lose everything on the computer? Again I appreciate all your help. :-*
-
Computer didn't come with any disks, but I downloaded 2 recovery factory default disc and 1 driver and application backup disc from the computer. Do I need to use these on the computer? Also will I lose everything on the computer?
You should be able to use the Recovery Disks to repair the corrupted files and it will not harm the other data on your computer if you just do a Repair. If you do a full Recovery it will take your computer back to the day it was purchased.
-
How do I do just repair. When I loaded first recovery disk it read full recovery or exit, there wasn't an option for repair. Also do I use the application disk? Thanks
-
How do I do just repair. When I loaded first recovery disk it read full recovery or exit, there wasn't an option for repair. Also do I use the application disk? Thanks
Almost every recovery disk is made differently so I'm not sure without looking at the disk. You may have to save your important data and do a complete recovery.
-
Thank you for all of your help, I greatly appreciate it. I ended up restoring the whole computer, at least it runs a lot better. Again I want to thank you (learned a lot)
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.