Jump to content


Photo

Help - random reboot


  • This topic is locked This topic is locked
17 replies to this topic

#1 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 09 April 2009 - 04:30 PM

I have had a 'random reboot' problem for the past 5 weeks.

About 3 weeks ago I ran a2squared antispyware which flagged a number of viruses and tojans in both my Windows and AOL ISP system files. I quarantined the items for later review. However, when i tried to access them in a2squared the items and logfiles disappeared.

I subsequently ran AVAST antivirus, Spybot, MalwareBytes and SuperAnti all of which came up clear.

After googling 'random reboots' I followed the usual checklist.

1. Ran dxdiag and updated my drivers which are all WHQL signed - but still the reboots.

2. Checked for overheating in the CPU by running a high speed desk fan directly into the system with the case off - I still got a reboot.

3. I swapped out both RAM modules - alas still got reboots.

4. Haven't changed the PSU but I have the same component setup for past 2-3 years ie. monitor, printer keyboard, mouse and modem.

I have also unckecked the 'automatic reboot' setting but the system still reboots without any error screen.

If it helps I have an Fujitsu Siemens Scaleo P Intel P4 519 3.06GHz Prescott 775 DDR 1 GB RAM.

My HijackThis logfile is shown below and any feedback would be greatly appreciated. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:49, on 04/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1144959581\ee\AOLSoftware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1144959581\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1144959581\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144959581\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://channels.aolsvc.co.uk
O15 - Trusted Zone: *.global-view.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151003566812
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.westhamonline.net/dot.gif

--
End of file - 6657 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,533 posts

Posted 12 April 2009 - 04:55 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 18 April 2009 - 07:28 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - AppInit_DLLs:


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
===

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.

These reports are long, please post the contents of both logs (in separate post) in your next reply.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 18 April 2009 - 12:04 PM

Hi nasdaq thanks very much for your help.

I followed your instructions step by step right down to downloading and running Dr.Web Cureit in safe mode. However the scan has come up with No viruses found and subsequently the click file and save report list are grayed out.

I will now download RSIT and will post the logs in separate posts as instructed.

As an aside my reboots are getting more frequent - I'm lucky if I do not get one any more than an hour after bootup if this flags up or indicates anything further to you.

Thanks again for your help.

Edited by Sean715, 18 April 2009 - 12:40 PM.


#5 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 18 April 2009 - 12:42 PM

Log.txt file as follows

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jarleth McMahon at 2009-04-18 19:39:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 131 GB (68%) free of 191 GB
Total RAM: 1014 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:29, on 04/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1144959581\ee\aolsoftware.exe
c:\program files\common files\aol\1144959581\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1144959581\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jarleth McMahon\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jarleth McMahon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://channels.aolsvc.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151003566812
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BB2DFF7-60F6-416C-B70F-C506C2E6673A}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{621CD8C5-DFB3-41E1-AAB7-61B5BED8676B}: NameServer = 92.31.241.20 92.31.241.21
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.westhamonline.net/dot.gif

--
End of file - 6411 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{B1AE3C92-514E-4F94-AD88-B5293CB66F81}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe [2003-08-19 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe [2003-06-28 1658965]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe [2003-07-25 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1144959581\ee\AOLSoftware.exe [2006-11-17 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2009-03-26 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2009-03-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2009-03-26 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-03-30 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\WinPatrol\winpatrol.exe [2008-04-25 333120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA.EXE [1997-08-19 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CmdAgent"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-03-26 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1144959581\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1144959581\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-18 19:06:37 ----D---- C:\rsit
2009-04-18 18:15:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-16 06:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 06:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 06:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 06:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 04:03:33 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-01 19:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-03-31 17:25:16 ----D---- C:\Program Files\SpeedFan
2009-03-26 20:44:16 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-03-26 20:41:15 ----D---- C:\WINDOWS\system32\x64
2009-03-26 20:41:15 ----A---- C:\WINDOWS\system32\igxpun.exe
2009-03-26 20:40:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-26 20:37:06 ----D---- C:\Program Files\New Folder (2)
2009-03-26 20:35:05 ----D---- C:\WINDOWS\Intel Driver Update
2009-03-26 19:31:49 ----D---- C:\Program Files\SystemRequirementsLab
2009-03-26 19:31:37 ----D---- C:\Documents and Settings\Jarleth McMahon\Application Data\SystemRequirementsLab
2009-03-25 17:53:23 ----D---- C:\Program Files\Utility
2009-03-21 13:28:21 ----D---- C:\Program Files\ZoneAlarmSB
2009-03-21 13:26:33 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2009-03-21 13:26:16 ----A---- C:\WINDOWS\zllsputility.exe
2009-03-21 13:26:16 ----A---- C:\WINDOWS\system32\SpOrder.dll
2009-03-21 13:25:53 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-03-21 13:25:53 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2009-03-21 13:25:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-03-21 13:25:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-03-21 13:25:44 ----A---- C:\WINDOWS\system32\zpeng24.dll
2009-03-21 13:25:44 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-03-21 13:25:43 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-03-21 13:25:43 ----D---- C:\Program Files\Zone Labs
2009-03-21 13:25:43 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-03-21 13:25:43 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-03-21 13:25:43 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-03-21 13:24:46 ----D---- C:\WINDOWS\Internet Logs
2009-03-21 13:24:46 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-03-21 13:24:46 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-03-21 13:24:46 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-03-20 00:34:01 ----D---- C:\Program Files\PacificPoker
2009-03-19 23:35:03 ----D---- C:\Documents and Settings\Jarleth McMahon\Application Data\Malwarebytes
2009-03-19 23:34:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-19 23:34:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-19 23:33:00 ----D---- C:\Program Files\Trend Micro
2009-03-19 22:47:03 ----D---- C:\Program Files\Intel driver update
2009-03-19 14:12:59 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 14:12:20 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-19 14:12:20 ----D---- C:\Documents and Settings\Jarleth McMahon\Application Data\SUPERAntiSpyware.com
2009-03-19 14:11:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-11 16:41:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 16:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 16:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 16:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-11 12:35:18 ----D---- C:\Documents and Settings\Jarleth McMahon\Application Data\Template
2009-02-28 03:56:58 ----D---- C:\Documents and Settings\Jarleth McMahon\Application Data\PacificPoker
2009-02-26 03:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-11 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 3 months======

2009-04-18 19:38:43 ----D---- C:\WINDOWS\Temp
2009-04-18 19:38:22 ----D---- C:\Program Files\Mozilla Firefox
2009-04-18 19:36:34 ----A---- C:\WINDOWS\win.ini
2009-04-18 19:36:30 ----D---- C:\WINDOWS\Prefetch
2009-04-18 19:35:40 ----D---- C:\WINDOWS\system32\Lang
2009-04-18 19:35:27 ----D---- C:\WINDOWS\system32\drivers
2009-04-18 19:08:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-18 18:15:43 ----D---- C:\WINDOWS
2009-04-18 18:00:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-18 17:51:54 ----HD---- C:\WINDOWS\inf
2009-04-18 17:47:24 ----D---- C:\WINDOWS\ie7updates
2009-04-17 13:31:41 ----D---- C:\WINDOWS\Debug
2009-04-16 13:50:20 ----AD---- C:\WINDOWS\system32
2009-04-16 13:50:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 13:45:34 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 13:45:33 ----D---- C:\WINDOWS\AppPatch
2009-04-16 06:05:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-16 06:05:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 04:04:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-16 02:29:59 ----ASH---- C:\boot.ini
2009-04-16 02:29:59 ----A---- C:\WINDOWS\system.ini
2009-04-10 15:10:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-09 22:02:00 ----D---- C:\Program Files\AOL
2009-04-08 19:52:15 ----D---- C:\Documents and Settings\Jarleth McMahon\Application Data\Ahead
2009-04-08 19:41:31 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-08 18:21:53 ----D---- C:\Program Files\SpywareBlaster
2009-04-08 17:30:32 ----D---- C:\Program Files
2009-04-06 15:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-31 20:38:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-27 18:58:19 ----SHD---- C:\System Volume Information
2009-03-27 18:57:30 ----D---- C:\WINDOWS\repair
2009-03-27 18:57:09 ----D---- C:\WINDOWS\Registration
2009-03-26 22:12:50 ----D---- C:\Program Files\CCleaner
2009-03-26 20:40:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-26 20:39:19 ----A---- C:\WINDOWS\system32\igxprd32.dll
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\iglicd32.dll
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\igldev32.dll
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-03-26 20:39:18 ----A---- C:\WINDOWS\system32\igfxCoIn_v4670.dll
2009-03-26 20:39:17 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-03-26 20:39:17 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2009-03-26 20:39:17 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-03-26 20:39:17 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-03-26 20:39:17 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-03-26 20:39:17 ----A---- C:\WINDOWS\system32\igfxpers.exe
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-03-26 20:39:16 ----A---- C:\WINDOWS\system32\difx32.dll
2009-03-26 18:29:54 ----D---- C:\WINDOWS\system32\RTCOM
2009-03-26 00:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-03-19 23:32:27 ----D---- C:\Program Files\HijackThis
2009-03-19 15:29:19 ----D---- C:\Program Files\Comodo
2009-03-19 15:28:17 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-03-19 14:28:55 ----D---- C:\Program Files\Eraser
2009-03-19 14:28:53 ----D---- C:\WINDOWS\pss
2009-03-19 14:12:26 ----SHD---- C:\WINDOWS\Installer
2009-03-19 14:11:05 ----D---- C:\Program Files\Common Files
2009-03-19 12:45:13 ----A---- C:\WINDOWS\MegaManager.INI
2009-03-18 23:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB883939$
2009-03-18 23:33:09 ----AD---- C:\WINDOWS\I386
2009-03-18 23:33:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-14 21:38:28 ----D---- C:\Program Files\Google
2009-03-14 21:38:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-11 16:41:10 ----D---- C:\WINDOWS\WinSxS
2009-03-11 12:35:20 ----SD---- C:\Documents and Settings\Jarleth McMahon\Application Data\Microsoft
2009-03-06 15:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-02-11 03:01:19 ----D---- C:\Program Files\Internet Explorer
2009-02-09 13:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 13:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 13:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 13:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-07 19:02:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 12:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 12:08:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 11:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-05 22:11:35 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-03-26 1109568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 lanusb;GlobeSpan USB ADSL LAN Modem; C:\WINDOWS\system32\DRIVERS\glausb.sys [2003-08-15 138402]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-07-16 221736]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 104375]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-08-20 548952]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-07-02 39348]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 39040]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-07-02 1301128]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-07-02 167384]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-04-28 47360]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-07-02 86128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-07-02 45056]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-30 138168]

-----------------EOF-----------------

#6 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 18 April 2009 - 12:43 PM

info.txt logfile of random's system information tool 1.06 2009-04-18 19:39:36

======Uninstall list======

-->C:\PROGRA~1\AOL\BROADB~1\Uninstall.exe aoluk
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advanced WindowsCare Personal 2.6.0-->"C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
AOL Broadband Check-Up-->C:\WINDOWS\Motive\aoluk\MCCUninst.exe
AOL Coach Version 1.0(Build:20040229.1 uk)-->"C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BT Voyager 105 ADSL Modem-->C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
BT Voyager Modem AOL Test-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\VOYAGE~1
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Eraser-->"C:\Program Files\Eraser\unins000.exe"
Glarysoft Registry Repair 2.7-->"C:\Program Files\Registry Repair\unins000.exe"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Graph 4.0.1-->"C:\Program Files\Graph\uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 2.72 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LaserAge-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ingava.com\LaserAge\Uninst.isu"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
MetaStock Professional 7.02-->C:\WINDOWS\IsUninst.exe -fc:\EQUIS2\Uninst.isu
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Excel 97-->C:\Program Files\Microsoft Office\Office\Setup\AcmeXl.exe /w Excel97.stf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Small Business Financial Manager 98-->C:\Program Files\Microsoft Office\Office\SBFM\Setup\sbfmstp.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 97-->C:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Moffsoft FreeCalc-->"C:\Program Files\Moffsoft FreeCalc\unins000.exe"
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
Office 97 Small Business Edition Local Content-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\DeIsL1.isu
Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Poker Academy 2-->"C:\Program Files\PokerAcademy2\uninstall.exe"
QHLive Player-->"C:\WINDOWS\QHLive Player\uninstall.exe" "/U:C:\Program Files\QHLiveII\Uninstall\uninstall.xml"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r
Registry Jumper 2.0-->C:\Program Files\Registry Jumper\uninst.exe
Security Task Manager 1.7d-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Smart Link 56K Modem-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch Off-->"C:\Program Files\Switch Off\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Hold'em 3D XP Championship-->"C:\Program Files\Selectsoft\Texas Hold'em 3D XP Championship\uninstall.exe"
The Britannica Quizmaster Ver. 2.0-->MsiExec.exe /X{6B4C5AE5-A97A-11D8-971C-000A9A00DB3E}
TreeSize Free V2.0-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinASO Registry Optimizer 3.0.6-->"C:\Program Files\WinASO\Registry Optimizer 3.0\unins000.exe"
WinASO Registry Optimizer 3.2-->"C:\Program Files\WinASO\Registry Optimizer 3.2\unins000.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Hotfix - KB895181-->"C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Registry Guide 2003-->"C:\Program Files\WinGuides\unins000.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2007 Restore/Remove First-->C:\Program Files\WinPatrol\WinPatrolEx.exe -remove
WinPatrol 2007 Step 2-->MsiExec.exe /X{736CE9DD-F589-485B-ACFF-78C235A57066}
WinPatrol 2008-->C:\PROGRA~1\WINPAT~1\Setup.exe /remove /q0
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) [2009-04-18]
O20 - AppInit_DLLs: [2009-04-18]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-04-18]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-04-18]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-04-18]
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) [2009-04-18]

======Hosts File======

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090418-0]
FW: ZoneAlarm Firewall

======System event log======

Computer Name: JARLETH
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F538EEEF. The IP address being used is 169.254.214.56.

Record Number: 2667
Source Name: Dhcp
Time Written: 20090412015349.000000+060
Event Type: warning
User:

Computer Name: JARLETH
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F538EEEF. The IP address being used is 169.254.214.56.

Record Number: 2640
Source Name: Dhcp
Time Written: 20090412014313.000000+060
Event Type: warning
User:

Computer Name: JARLETH
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F538EEEF. The IP address being used is 169.254.214.56.

Record Number: 2617
Source Name: Dhcp
Time Written: 20090412010826.000000+060
Event Type: warning
User:

Computer Name: JARLETH
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F538EEEF. The IP address being used is 169.254.214.56.

Record Number: 2588
Source Name: Dhcp
Time Written: 20090412010353.000000+060
Event Type: warning
User:

Computer Name: JARLETH
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F538EEEF. The IP address being used is 169.254.214.56.

Record Number: 2560
Source Name: Dhcp
Time Written: 20090412002555.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: JARLETH
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20080.4669, faulting module nss3.dll, version 3.11.9.0, fault address 0x0003187f.

Record Number: 14201
Source Name: Application Error
Time Written: 20080828031159.000000+060
Event Type: error
User:

Computer Name: JARLETH
Event Code: 1000
Message: Faulting application realplay.exe, version 6.0.12.1662, faulting module wmp.dll, version 11.0.5721.5230, fault address 0x002f3bd9.

Record Number: 12871
Source Name: Application Error
Time Written: 20080106013905.000000+000
Event Type: error
User:

Computer Name: JARLETH
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20071.816, faulting module jpinscp.dll, version 6.0.30.5, fault address 0x00002090.

Record Number: 12350
Source Name: Application Error
Time Written: 20071024183339.000000+060
Event Type: error
User:

Computer Name: JARLETH
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20071.816, faulting module jpinscp.dll, version 6.0.30.5, fault address 0x00002090.

Record Number: 12349
Source Name: Application Error
Time Written: 20071024120921.000000+060
Event Type: error
User:

Computer Name: JARLETH
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20070.25881, faulting module unknown, version 0.0.0.0, fault address 0x01fcfe34.

Record Number: 12302
Source Name: Application Error
Time Written: 20071019151605.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 18 April 2009 - 02:07 PM

Hi,

The only thing I can identify is some problems with FireFox.

Download the latest version.

Remove the current one via the Add/Remove programs list.

Reinstall the newly downloaded version. When you do please make ensure that your are disconnected from the Internet and that all your programs are disabled as well as your security programs.

If the problem remains it may just be that you have some bad ram.

Please keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 19 April 2009 - 03:56 AM

Hi,

The only thing I can identify is some problems with FireFox.

Download the latest version.

Remove the current one via the Add/Remove programs list.

Reinstall the newly downloaded version. When you do please make ensure that your are disconnected from the Internet and that all your programs are disabled as well as your security programs.

If the problem remains it may just be that you have some bad ram.

Please keep me posted.



OK nasdaq will do.

#9 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 19 April 2009 - 03:43 PM

Hi nasdaq, thanks very much for your help and feedback.

I removed my original version of Firefox and downloaded the updated version in accordance.

Whilst I swapped out the the two RAM modules before my original post, I repeated the exercise switching modules between both module holders. I am still getting the reboots but they are not as frequent.

Is it likely that both modules are bad? I bought the PC with 512k RAM 3 years ago and bought a mirror module about a year after.

Again thanks for your help

Edited by Sean715, 20 April 2009 - 05:39 AM.


#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 20 April 2009 - 08:59 AM

The second bar may be faulty.

You can test your RAM with this tool.

You can order the tool and get a free download.

http://www.memtest86.com/

Once you have downloaded the program for your windows program.
Select Technical info and then Windows installation.

Follow the instruction to burn the cd.

When done.

Please the CD in your Driver and restart the computer.

The test may take some time.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 21 April 2009 - 06:55 PM

Hi again nasdaq.

I followed the instructions and managed to run memtest-86 v3.5 using each module singularly and swapping them between DIMM slots. The test showed no errors after 3 passes. I also ran the test with both modules in place and the test also came up with no errors after 3 passes.

I immediately rebooted my system into normal mode and the random reboots were not so random. My system rebooted after a few minutes on 4 occasions. However it appears that my system is a bit more stable when I have only one module in place.

I'm absolutely lost on this one. Do you think it is the CPU/motherboard? Will a reinstall to factory defaults possibly solve my problems? I also notice that 3 recent Windows updates, whilst downloaded, fail to install.

Thanks again for all your help.

#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 22 April 2009 - 07:49 AM

However it appears that my system is a bit more stable when I have only one module in place.


Did you add some RAM recently?
===

Are you letting Windows Manage it's Virtual Memory.

Search for Virtual Memory in the Help file.
====

Look at this article:
RAM, Virtual Memory, Pagefile and all that stuff
http://support.microsoft.com/kb/555223
===

I also notice that 3 recent Windows updates, whilst downloaded, fail to install.


Lets check for malware.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Look at this tutorial if assistance is needed.
http://www.bleepingc...opic131299.html
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#13 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 22 April 2009 - 12:26 PM

Hi nasdaq.


I bought the machine 3 years ago with 512 MB of Ram and added a second 512MB module with exact same spec as original 2 years ago. The stability issue I was referring to is the fact that the reboots appear to be less frequent with one module in place than with them both in place.


I looked at my Virtual memory and it appears Windows does not manage it. The custom size tab is checked in the paging file size for selected drive section.

Initial size (MB) is set at 512
Max size (MB) is set at 1512


Under Total paging file size for all drives

Min allowed is set at 2MB
Recommended is 753MB
Currently allocated is set at 512 MB


I have posted the SDFix Report.txt file and updated HJT log below.

SDFix: Version 1.240
Run by Jarleth McMahon on 04/22/2009 at 17:21

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 17:30:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\1144959581\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1144959581\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 27 May 2008 145,920 ..SHR --- "C:\Program Files\WinPatrol\Setup.exe"
Thu 28 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 5 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 9 Apr 2009 856 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"

Finished!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:19, on 04/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\AOL\1144959581\ee\AOLSoftware.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1144959581\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1144959581\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yah...?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144959581\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://channels.aolsvc.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151003566812
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BB2DFF7-60F6-416C-B70F-C506C2E6673A}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{621CD8C5-DFB3-41E1-AAB7-61B5BED8676B}: NameServer = 92.31.242.20 92.31.242.21
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.westhamonline.net/dot.gif

--
End of file - 7548 bytes

#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 23 April 2009 - 07:30 AM

I would let Windows Manage my Virtual memory.

Check this link.

http://forums.cnet.c...threadID=203990

Let me know how it goes.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#15 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 24 April 2009 - 08:58 AM

I would let Windows Manage my Virtual memory.

Check this link.

http://forums.cnet.c...threadID=203990

Let me know how it goes.



Hi nasdaq.

I changed the settings to let Windows manage Virtual memory as you advised, but I am still getting an occasional random reboot, albeit less frequently.

#16 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 25 April 2009 - 09:36 AM

Well it could be some other hardware problem.

Heat in the computer box can be the cause.
Make usre the fans are clean. One on the CPU and the other on the back of the computer box.
Leave the box open and see if you get more mileage.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#17 Sean715

Sean715

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 27 April 2009 - 04:50 AM

Hi nasdaq.

I dont think it's a heat problem. As I posted before I had a high speed fan blowing into the CPU whilst the cover was off and I was still getting reboots.

I'm going to try a reinstall - still think there may be some sort of virus that has corrupted my system files. Thanks very much for your help anyway.

#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 11 May 2009 - 07:44 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button