Wife's Computer - Slower than normal

[viampyri]

Hey guys,

Just want to say always appreciate the help you all give!

My wife's computer has been acting strangely such as being much slower than normal and randomly freezing and I'm unsure if this is due to anything that may have infected her computer, so I'm asking for any help you may give.

Thank You!

*edit* Added HJT Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:38:14 PM, on 12/3/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8317 bytes

[Jintan]

Hello viampyri,

Just FYI - many of the tools we use here are not yet updated from Windows 7, and/or 64 bit systems, so the logs those create may not be accurate (such as all the incorrect "file missing" entries in this log). Since it is Windows 7, also be sure to run any scan tools we use here by right clicking the file, and selecting "Run as administrator).


Not seeing any malware in this log. It does show many nVidia filter settings in the LSP chain there. Not sure how it might impact non-Internet activities, but if all net traffic has to go through some of their functions, it could slow down Internet speeds. But I am not too familiar with the nVidia utility program that creates them.

Any chance this utility is a recent install there?

--------------------


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\

mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

A lot of posting, but a good comprehensive look at things there.

[viampyri]

1.) Any chance this utility is a recent install there? (I am unsure of when this was installed)

2.)Logfile of random's system information tool 1.08 (written by random/random)
Run by Adrian at 2010-12-03 21:12:41
Microsoft Windows 7 Home Premium
System drive C: has 81 GB (34%) free of 238 GB
Total RAM: 5119 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:48 PM, on 12/3/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Adrian\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Adrian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8336 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll [2010-11-02 160320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe [2010-11-02 71216]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-11-17 421160]

C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-03 21:12:41 ----D---- C:\rsit
2010-12-03 13:36:19 ----D---- C:\Program Files (x86)\Trend Micro
2010-11-30 15:53:42 ----RHD---- C:\Users\Adrian\AppData\Roaming\SecuROM
2010-11-30 15:43:14 ----A---- C:\Windows\SysWOW64\vp6vfw.dll
2010-11-30 15:43:01 ----D---- C:\Program Files (x86)\Microsoft WSE
2010-11-30 14:11:10 ----D---- C:\ProgramData\Electronic Arts
2010-11-30 14:11:04 ----D---- C:\Program Files (x86)\Electronic Arts
2010-11-23 14:09:47 ----D---- C:\Program Files (x86)\iTunes
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\OpenCL.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvdecodemft.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvcompiler.dll
2010-11-21 18:55:51 ----A---- C:\Windows\SysWOW64\nvapi.dll
2010-11-21 18:46:25 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-11-08 01:30:20 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-11-08 01:29:28 ----D---- C:\ProgramData\McAfee
2010-11-04 16:31:49 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-11-04 16:31:49 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-11-04 16:31:49 ----A---- C:\Windows\SysWOW64\java.exe

======List of files/folders modified in the last 1 months======

2010-12-03 21:12:53 ----D---- C:\Windows\Prefetch
2010-12-03 20:38:22 ----D---- C:\Windows\Temp
2010-12-03 19:01:58 ----D---- C:\Program Files (x86)\World of Warcraft
2010-12-03 18:51:43 ----D---- C:\Windows\System32
2010-12-03 18:38:13 ----SHD---- C:\System Volume Information
2010-12-03 13:36:20 ----SHD---- C:\Windows\Installer
2010-12-03 13:36:19 ----SHD---- C:\Config.Msi
2010-12-03 13:36:19 ----RD---- C:\Program Files (x86)
2010-12-02 23:14:37 ----D---- C:\Windows\inf
2010-12-02 23:07:41 ----D---- C:\ProgramData\NVIDIA
2010-12-02 23:07:21 ----HD---- C:\ProgramData
2010-12-02 23:06:39 ----A---- C:\bdlog.txt
2010-11-30 15:43:14 ----D---- C:\Windows\SysWOW64
2010-11-30 15:43:08 ----RSD---- C:\Windows\assembly
2010-11-30 15:42:33 ----D---- C:\Windows\winsxs
2010-11-30 15:36:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-30 13:42:29 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-23 14:09:48 ----RD---- C:\Program Files
2010-11-23 14:09:48 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-11-21 23:38:38 ----D---- C:\Windows\rescache
2010-11-21 20:44:32 ----D---- C:\Windows
2010-11-21 19:46:49 ----D---- C:\Windows\Microsoft.NET
2010-11-21 18:48:45 ----D---- C:\Windows\ehome
2010-11-21 18:47:29 ----D---- C:\Windows\AppPatch
2010-11-09 02:21:13 ----D---- C:\Program Files (x86)\World of Warcraft Beta
2010-11-08 01:30:25 ----D---- C:\ProgramData\Adobe
2010-11-08 01:30:20 ----D---- C:\Program Files (x86)\Common Files
2010-11-04 16:31:45 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys []
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-11-02 88144]
R1 bdfwfpf;bdfwfpf; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-11-02 99408]
R1 Bdvedisk;BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys []
R3 BDFM;BDFM; C:\Windows\system32\DRIVERS\bdfm.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys []
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S4 avc3;avc3; C:\Windows\system32\DRIVERS\avc3.sys []
S4 avckf;avckf; C:\Windows\system32\DRIVERS\avckf.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe [2009-08-10 626208]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-10 206880]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Updatesrv;BitDefender Desktop Update Service; C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-11-02 52200]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe [2010-11-11 2539096]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 932640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ms corsvw.exe [2010-03-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Update Server;BitDefender Update Server v2; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-02 467248]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

[viampyri]

3.) info.txt logfile of random's system information tool 1.08 2010-12-03 21:12:55

======Uninstall list======

-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_P lugin.exe -maintain plugin
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CivCity-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~2\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{994E24A6-EC47-4201-8D0B-D4563B7AD66B}\setup.exe" -l0x9 -removeonly
Civilization III Complete Edition-->C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Dragon Age: Origins-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SOAP Toolkit 3.0-->MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.6.12)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA ForceWare Network Access Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\S etupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Sid Meier's Pirates!-->C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======System event log======

Computer Name: Adrian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB978886).
Record Number: 723
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100827155147.087600-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Adrian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x800f0902: Microsoft .NET Framework 3.5 SP1 Security Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB979916).
Record Number: 722
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100827155147.072000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Adrian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB981852).
Record Number: 721
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100827155147.072000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Adrian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2183461).
Record Number: 720
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100827155147.072000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 219
Message: The driver \Driver\tunnel failed to load for the device ROOT\*ISATAP\0000.
Record Number: 218
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20100827162516.110000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Adrian-PC
Event Code: 6004
Message: The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.
Record Number: 295
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100827164258.000000-000
Event Type: Warning
User:

Computer Name: Adrian-PC
Event Code: 1003
Message: Certificate Services Client failed to invoke the Providers in response to event 256. Error code 2147942432.
Record Number: 294
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100827164248.673600-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Adrian-PC
Event Code: 1001
Message: Certificate Services Client failed to load Provider pautoenr.dll. Error code 32.
Record Number: 293
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100827164248.673600-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Adrian-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1930955561-1241857746-29581292-1000:
Process 448 (\Device\HarddiskVolume1\Windows\System32\winlogon .exe) has opened key \REGISTRY\USER\S-1-5-21-1930955561-1241857746-29581292-1000

Record Number: 194
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100827153640.107600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Adrian-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 114
Source Name: Microsoft-Windows-Search
Time Written: 20100827153239.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827162346.597200-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1d0
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827162346.597200-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x301b8
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827162346.300800-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827162344.584800-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827162344.428800-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%Sy stemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\ System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerS hell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"asl.log"=Destination=file;OnFirstLog=command,envi ronment,parent
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

[viampyri]

so click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.



I did the above, and it ran; said it didn't find anything, but when I tried to copy it it wouldn't copy anything.

[viampyri]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read The handle is invalid.
kernel: error reading MBR

[Jintan]

I have a habit of using the same tried and true intro scans here, so that mbr.exe step hitched a ride, but was really meant for 32 bit systems. If Gmer located nothing, it pretty much has nothing for a log either. Which is a good sign.

I don't recall ever seeing this before:



Is BitDefender a recent install? I would like us to do one other comprehensive scan, but so far nothing is pointing at malware as a source of the problems.

Computer Name: Adrian-PC

Computer Name: 37L4247E29-32

Not only two different names for one computer, but also web searches to quite a few other computers that have those same names. I am assuming they are generic, and a default choice if the new computer owner declines to select a name.


Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

[viampyri]

Bitdefender is not a recent install; it's usually one of the first things I install when "re-doing" her comp. A couple months back I upgraded her from 32-bit to 64-bit and everything had to be a fresh install like after having to reformat.

I am unsure as to why the computer has 2 names, to my knowledge it was just supposed to be Adrian-PC.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=98cdb2c6f475d04e892f5aefc2a60ba6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-05 06:15:53
# local_time=2010-12-05 11:15:53 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 7724785 43113889 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=191391
# found=0
# cleaned=0
# scan_time=2514


*edit*
if everything looks ok to you and no more scanning is needed, is there a forum you can direct me to to help "optimize" her PC? I only ask b/c her comp has better hardware than mine save for the HD (she has standard 7200 rpm and I have 10000 rpm) and my comp opens and runs everything better than hers from the internet, to files on comp, to games.

[Jintan]

We don't seem to need run any other malware type scans. For the type of slowness you mention, it is less likely a need to "optimize", and more likely need to ID the primary problems. Then change those, disable, uninstall and/or replace them. If your computer is not using BitDefender, that is one area to consider changing.

However, I think those NVidia filters loaded into the Winsock there are part of the issues, as well as the ForceWare Intelligent Application Manager and NetworkAccessManager services and functions. In a quick web check I see quite a few slowness problem discussions about these, as well as how to disable them, or even delete them. I would suggest starting a new request on this issue in the CTH Hardware forum, where more knowledgeable about these can provide some ideas.

Probably want to revisit this there as well:

Quote:

upgraded her from 32-bit to 64-bit

A pretty radical change, and though you mention it being almost a new install, maybe some wrong drivers were used afterwards. For now I am assuming that created the situation of two computer names, yet here again suggests possible software issues as well.


For what our work added to your system, you can delete any files/folders we made, and can uninstall Eset through Programs and features.

[Jintan]

Had this in an open tab but hadn't looked at it. Probably bumps the nVidia Manager apps up to the top of the slowness source list.