Geeks to Go
Verrrrrry slow PC - don't know if it's malware or not

#1 dan1701a

I just came upon your forum, especially the malware cleaning guide, and I'm hopeful it can solve a problem. My wife's PC (GQ 1.6 GHz Celeron, 2 GB RAM, 80 GB HDD, Intel 945 gfx) has been running very slowly over the past couple of days. I downloaded the files noted in the guide (TFC, SysRestorePoint, ERUNT, MBAM, RootRepeal, and OTL), performed the necessary scans, and following are the MBAM, RootRepeal, OTL and Extras logs:

MBAM:
Malwarebytes' Anti-Malware 1.40
Database version: 2761
Windows 6.0.6002 Service Pack 2

9/8/2009 6:47:45 PM
mbam-log-2009-09-08 (18-47-45).txt

Scan type: Quick Scan
Objects scanned: 81459
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 18:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8C918000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CA00000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAFA1F000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1168 Status: Locked to the Windows API!

==EOF==

OTL:
OTL logfile created on: 9/8/2009 6:51:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Doris\Favorites\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.55% Memory free
4.00 Gb Paging File | 3.22 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.07 Gb Free Space | 64.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DORIS-PC
Current User Name: Doris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2007/10/12 09:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/18 23:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/18 23:33:16 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/18 23:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/05/30 21:43:43 | 06,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/04/10 23:28:10 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/04/10 23:28:16 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/10/16 20:12:28 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/03 21:58:42 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/08 18:31:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Doris\Favorites\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/10 23:28:26 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/11/19 19:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/02/18 11:38:44 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/01/18 23:34:44 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC [Auto | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/02/18 11:38:44 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/12 09:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/29 19:10:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/01 10:58:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/07 19:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/07 19:57:49 | 00,000,000 | ---D | M]

[2008/09/20 18:35:54 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Extensions
[2008/09/20 18:35:54 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/08 17:04:36 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions
[2009/08/01 11:44:39 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/01 16:18:51 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/01/01 18:39:24 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions\[email protected]
[2009/01/01 18:38:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/03 21:58:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/07 21:54:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/17 20:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/08/03 21:58:42 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 21:58:42 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/08/03 21:58:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/10/07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/10/07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/18 20:10:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/18 20:10:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/18 20:10:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/18 20:10:02 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/18 20:10:02 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/18 20:10:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/18 20:10:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55054949-da75-11db-a535-0011a3014418}\Shell - "" = AutoRun
O33 - MountPoints2\{55054949-da75-11db-a535-0011a3014418}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73452b3f-1ffa-11dc-83ac-001921d10b4b}\Shell - "" = AutoRun
O33 - MountPoints2\{73452b3f-1ffa-11dc-83ac-001921d10b4b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/08 18:42:20 | 00,000,000 | ---D | C] -- C:\Users\Doris\AppData\Roaming\Malwarebytes
[2009/09/08 18:42:17 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/08 18:42:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/08 18:42:13 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/08 18:42:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/08 18:42:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/08 18:41:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/08 18:41:18 | 00,000,733 | ---- | C] () -- C:\Users\Doris\Desktop\NTREGOPT.lnk
[2009/09/08 18:41:18 | 00,000,714 | ---- | C] () -- C:\Users\Doris\Desktop\ERUNT.lnk
[2009/09/08 18:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/07 19:59:49 | 00,000,000 | ---D | C] -- C:\Users\Doris\AppData\Roaming\Apple Computer
[2009/09/07 19:59:42 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/07 19:59:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/09/07 19:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/07 19:58:44 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/07 19:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/07 19:58:07 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/09/07 19:57:40 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/07 19:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/07 19:57:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/09/07 19:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/09/07 19:20:21 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/09/07 15:02:30 | 00,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2009/09/07 10:57:31 | 00,107,100 | ---- | C] () -- C:\Users\Public\Documents\Walgreens.com - Local Weekl...pdf
[2009/09/05 22:56:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/09/05 22:56:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/09/05 22:56:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/09/05 22:54:58 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/09/05 22:54:27 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/05 22:51:04 | 00,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2009/09/05 22:39:19 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/09/05 22:39:18 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/09/05 22:39:18 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/09/05 22:39:07 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/09/05 22:39:05 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/05 22:39:03 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/09/05 22:38:32 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/09/05 22:38:31 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/09/05 22:38:29 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/09/05 22:38:22 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/05 22:38:19 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/05 22:38:19 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 22:38:11 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/09/05 22:38:10 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/09/05 22:38:08 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/09/05 22:36:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/09/05 22:22:19 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/09/05 21:27:37 | 00,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009/09/05 21:26:46 | 00,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/09/05 21:25:54 | 00,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2009/09/05 21:25:53 | 00,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2009/09/05 21:25:53 | 00,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2009/09/05 21:25:46 | 00,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/09/05 21:20:10 | 00,131,072 | ---- | C] () -- C:\Windows\SPInstall.etl
[2009/09/05 21:19:56 | 00,000,000 | ---D | C] -- C:\5569aa745c1d71129550d743801d
[2009/08/29 19:38:56 | 00,000,000 | ---D | C] -- C:\Users\Doris\AppData\Local\Apple
[2009/08/29 19:38:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 19:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

========== Files - Modified Within 14 Days ==========

[2009/09/08 18:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{92C99F14-099B-41B9-A2A3-B661BB9C5721}.job
[2009/09/08 18:42:50 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/08 18:42:50 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/08 18:42:50 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/08 18:42:17 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/08 18:41:18 | 00,000,733 | ---- | M] () -- C:\Users\Doris\Desktop\NTREGOPT.lnk
[2009/09/08 18:41:18 | 00,000,714 | ---- | M] () -- C:\Users\Doris\Desktop\ERUNT.lnk
[2009/09/08 18:36:49 | 00,005,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 18:36:49 | 00,005,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 18:36:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/08 18:36:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/08 18:26:21 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/09/07 21:12:00 | 02,276,589 | -H-- | M] () -- C:\Users\Doris\AppData\Local\IconCache.db
[2009/09/07 20:45:59 | 00,014,336 | ---- | M] () -- C:\Users\Doris\Documents\weekly budget.xls
[2009/09/07 19:59:42 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/07 19:57:40 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/07 19:27:49 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/09/07 15:02:30 | 00,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2009/09/07 10:57:02 | 00,107,100 | ---- | M] () -- C:\Users\Public\Documents\Walgreens.com - Local Weekl...pdf
[2009/09/06 10:31:31 | 00,001,670 | ---- | M] () -- C:\Users\Doris\Desktop\CCleaner.lnk
[2009/09/05 22:59:35 | 00,268,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/05 22:54:58 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/09/05 22:54:27 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/05 22:32:28 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/09/05 22:06:58 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/09/05 22:06:52 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/09/05 21:56:46 | 00,131,072 | ---- | M] () -- C:\Windows\SPInstall.etl

========== LOP Check ==========

[2009/09/08 18:42:20 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming
[2007/05/18 16:58:02 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Everest Labs
[2009/03/12 20:10:02 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Image Zone Express
[2007/06/07 16:11:19 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Printer Info Cache
[2008/08/16 16:46:13 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Skinux
[2007/03/24 22:02:56 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Thunderbird
[2007/04/25 19:30:10 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\U3
[2009/09/08 18:36:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/08 18:35:44 | 00,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/08 18:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{92C99F14-099B-41B9-A2A3-B661BB9C5721}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2009/04/10 23:28:26 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

Extras.txt:

OTL Extras logfile created on: 9/8/2009 6:51:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Doris\Favorites\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.55% Memory free
4.00 Gb Paging File | 3.22 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.07 Gb Free Space | 64.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DORIS-PC
Current User Name: Doris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9BAEB571-6784-4E41-B9BA-8205E1BE5747}" = lport=139 | protocol=6 | dir=in | name=samba printing |
"{9D05752C-D1D7-4F76-BAE5-C9185C9B10C5}" = lport=137 | protocol=17 | dir=in | name=samba printing |
"{D879FDBE-2AD3-45AA-B924-7FBD7952095C}" = lport=138 | protocol=6 | dir=in | name=samba printing |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BC35A08-CF2A-452C-B672-FE831C39BE6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7949053B-C866-4375-999F-C669D1C32F0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8535CCF5-3EEE-4CE5-A58A-EFF7578E8781}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{997B07A4-CE6C-4B2C-AB90-398A16867CF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD0E45B3-52BD-4231-8262-DF2B93DBE784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C59BE561-95C9-4DE9-AB8A-ED58C45AD77A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F03D05C3-C3AA-4E95-9D3D-FBCCA2FE0301}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{66AC1802-27AC-49D1-B8F5-83B21F8796A6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8AAD7CCC-320B-4493-A823-E9A7D0572256}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1837046D-29A6-4CD3-B03B-494AC104CBFF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5063DEA7-B5C2-4F7C-87CF-6B548A8204DC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EAEB0A6-582A-490B-B075-D837677365C2}" = 2WIREUSBWLANInstaller
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ERUNT_is1" = ERUNT 1.1j
"Formatta Filler 7.0" = Formatta Filler 7.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"Picasa 3" = Picasa 3
"RealAlt_is1" = Real Alternative 1.51
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/22/2007 12:54:18 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 4/22/2007 11:06:53 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 5/12/2007 6:38:43 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 5/15/2007 11:29:01 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 5/18/2007 12:44:30 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 5/26/2007 12:06:32 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 5/28/2007 11:38:40 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 6/1/2007 12:05:56 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 6/1/2007 11:09:32 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

Error - 6/21/2007 11:28:19 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.

[ Application Events ]
Error - 9/5/2009 11:25:47 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2009 11:41:59 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2009 11:24:30 PM | Computer Name = Doris-PC | Source = WerSvc | ID = 5007
Description =

Error - 9/5/2009 11:33:19 PM | Computer Name = Doris-PC | Source = ESENT | ID = 215
Description = WinMail (1272) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 9/6/2009 12:25:10 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/6/2009 11:27:30 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/6/2009 12:18:00 PM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/7/2009 10:24:49 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/7/2009 8:25:17 PM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/8/2009 7:54:11 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 9/8/2009 11:01:15 AM | Computer Name = Doris-PC | Source = bowser | ID = 8003
Description =

Error - 9/8/2009 7:33:19 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/8/2009 7:33:19 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/8/2009 7:33:20 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/8/2009 7:33:20 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/8/2009 7:33:21 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/8/2009 7:33:27 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/8/2009 7:33:27 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/8/2009 7:38:23 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/8/2009 7:38:23 PM | Computer Name = Doris-PC | Source = LSM | ID = 1048
Description =


< End of report >

As you can see, there are quite a number of errors in the "extras" log. I should also tell you that I recently updated the PC with Windows Vista Service Pack 1 and Service Pack 2, in that order. I have not yet updated to Internet Explorer 8, and I'm frankly afraid to, because the last time I did it got stuck in an endless restart loop and I had to use the repair console to fix the install of Windows. Any help you can provide would be greatly appreciated. Thanks.
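An added example, not part of the original post or of OTL itself: the OTL and Extras logs above list files and directories in a fixed one-line format (`[date time | size | attrs | C-or-M] (Company) -- path`), and a first triage step on such a log is usually to parse those entries and pull out the ones that deserve a closer look. The parser below handles the format as it appears in this post; the sample input is four lines copied from the log above, and the flagging rules (no company name on an executable in System32, a hidden file in System32, a long hex-named directory at the drive root) are this example's own heuristics, not OTL's. They are review prompts, not verdicts: `slmgr.vbs` is a legitimate Windows script that OTL simply reports without a company name.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Sample input: four lines copied from the OTL log above, in OTL's entry format
#   [date time | size | attrs | C-or-M] (Company) -- path
# Directory entries carry no "(Company)" field at all; files with no embedded
# company name show "()".
SAMPLE = """\
[2009/09/05 22:38:11 | 00,092,918 | ---- | C] () -- C:\\Windows\\System32\\slmgr.vbs
[2009/09/05 21:19:56 | 00,000,000 | ---D | C] -- C:\\5569aa745c1d71129550d743801d
[2009/09/05 22:06:58 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\\Windows\\System32\\ifxcardm.dll
[2009/09/08 18:36:49 | 00,005,856 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
"""

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions that run code. Flagging these when they carry no company name is
# a heuristic chosen for this example (an assumption), not an OTL rule.
EXEC_EXTS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".vbs", ".cpl", ".drv"}
SYSTEM32 = "c:\\windows\\system32\\"
HEX_ROOT_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{20,}$", re.IGNORECASE)


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str              # four flags in OTL order, e.g. "RH-D"; "-" = unset
    kind: str               # "C" = created list, "M" = modified list
    company: Optional[str]  # None for directories, "" when the file has none
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""


def parse_otl_entries(text: str) -> List[Entry]:
    """Parse every well-formed OTL file/dir entry; silently skip other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a closer look. Review prompts only."""
    flagged = []
    for e in entries:
        in_sys32 = e.path.lower().startswith(SYSTEM32)
        if e.is_dir:
            if HEX_ROOT_DIR.match(e.path):
                flagged.append((e.path, "hex-named directory at drive root"))
            continue
        if in_sys32 and e.company == "" and e.ext in EXEC_EXTS:
            flagged.append((e.path, "executable in System32 with no company name"))
        if in_sys32 and e.hidden:
            flagged.append((e.path, "hidden file in System32"))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_otl_entries(SAMPLE)):
        print(f"{reason}: {path}")
```

Run against the whole OTL.txt, the same parser feeds the entries into whatever checks you actually trust for a given machine (hash lookups, signature verification of the flagged files); the point of the heuristics is to shrink a 400-line log to a handful of paths to verify, not to decide what is malware.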