Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

infection unknown, very very slow PC

Started by lee.s , Dec 19 2009 06:55 PM

  • Please log in to reply

#1
lee.s
Posted 19 December 2009 - 06:55 PM

lee.s

    New Member

  • Member
  • Pip
  • 2 posts
greetings from snowy virginia, 18" and counting. thanks in advance for your help.

a well maintained PC started running very slow, slow booting xp, slow loging in, slow openning programs, slow loading a web site with explorer, slow refresh on the screen. good example, when i minimize a window, it can take about 10 seconds completely minimize, line-by-line. most of the time typing is fast. sometimes there is some lag before the first character is shown on the screen, but then it is fine.

virus protection by Norton. i run reg-cure, ad-aware and malware bytes regularly.

GMER.exe would hang at different file during scan after multiple attemps.

malware bytes log
Malwarebytes' Anti-Malware 1.42
Database version: 3383
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/17/2009 10:06:12 PM
mbam-log-2009-12-17 (22-06-12).txt

Scan type: Quick Scan
Objects scanned: 145673
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL.txt log
OTL logfile created on: 12/18/2009 5:34:10 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 201.18 Mb Available Physical Memory | 39.97% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.03% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.00 Gb Total Space | 44.81 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.79 Gb Free Space | 16.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-7008FFA13B
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/18 17:30:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2009/11/30 17:30:21 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/30 17:30:11 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/29 15:53:52 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 14:46:58 | 12,993,816 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/03/18 15:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/19 19:14:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/09/21 15:32:56 | 02,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 10:24:02 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/03 18:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/11/02 09:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/08/03 16:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/06/29 19:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/02/11 22:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/07/11 07:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/18 17:30:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2009/11/29 15:53:27 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\asOEHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/30 17:30:11 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/29 15:53:52 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/24 00:13:06 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/03/18 15:27:12 | 00,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...;from=whatwhere
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 08:39:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{201d6586-b5d8-11dd-b57b-00112fd80044}\Shell - "" = AutoRun
O33 - MountPoints2\{201d6586-b5d8-11dd-b57b-00112fd80044}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/29 14:17:22 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/18 17:30:31 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2009/12/17 21:46:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/17 21:46:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/17 21:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/17 21:45:39 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup.exe
[2009/12/17 21:04:26 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt_setup.exe
[2009/12/17 20:59:04 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint.exe
[2009/12/17 19:26:39 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\temp file cleaner.exe
[2008/08/19 14:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/08/18 16:20:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/10 16:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/24 18:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/01/24 18:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/01/21 21:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/01/17 09:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/01/17 09:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2004/08/10 08:43:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/10 08:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/18 17:30:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2009/12/18 17:15:30 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/18 17:11:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/18 17:09:17 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/12/18 17:07:45 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/18 17:06:41 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/12/18 17:04:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/18 17:04:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/18 17:03:43 | 52,781,4656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/18 09:25:27 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2009/12/18 09:02:32 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2009/12/18 09:02:31 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
[2009/12/17 21:46:44 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/17 21:45:41 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup.exe
[2009/12/17 21:05:20 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2009/12/17 21:04:35 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt_setup.exe
[2009/12/17 20:59:08 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint.exe
[2009/12/17 19:26:40 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\temp file cleaner.exe
[2009/12/17 04:07:05 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/12/16 16:10:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/15 11:24:00 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
[2009/12/09 20:31:18 | 00,431,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 20:31:17 | 00,072,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 20:31:14 | 00,512,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 20:04:26 | 00,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/09 18:10:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 17:07:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/06 10:25:42 | 00,032,920 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/06 10:16:40 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\retirement 1q05.xls
[2 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/18 09:52:02 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
[2009/12/18 09:25:22 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2009/12/17 21:46:44 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/17 21:05:20 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2008/07/01 13:26:08 | 00,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008/02/16 20:45:27 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/29 17:30:13 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2007/12/29 17:22:05 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/12/29 17:22:05 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/12/29 17:22:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/12/29 17:22:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/12/29 17:22:05 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/12/29 17:22:05 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/19 17:03:30 | 00,000,211 | ---- | C] () -- C:\WINDOWS\btw.ini
[2007/03/19 17:03:13 | 00,000,347 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/10 22:07:19 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/11/12 21:13:45 | 00,000,982 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/12 21:30:18 | 00,188,035 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/19 18:24:25 | 00,001,105 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/13 16:38:02 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/16 18:22:21 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/01/01 00:54:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/12/31 15:55:53 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/31 14:29:35 | 00,060,416 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/11 09:19:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/10 10:56:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/08/10 10:55:59 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/10 10:55:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/10 10:49:42 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/10 10:42:09 | 00,025,960 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/10 10:41:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/10 10:25:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/10 09:52:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 08:57:41 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/10 08:57:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/10 08:57:14 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/10 08:44:56 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 08:19:50 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/29 07:58:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/01/19 21:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/01/10 15:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/11/29 15:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/11/30 21:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2005/10/04 12:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/02/16 20:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 17:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/30 17:21:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/09/12 16:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Anvil Studio
[2009/05/22 11:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ICAClient
[2005/01/14 18:07:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2005/01/04 22:56:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2004/08/10 11:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2008/03/03 16:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer
[2006/11/30 22:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2007/06/27 12:51:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
[2007/05/31 22:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Viewpoint
[2008/08/18 16:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Desktop Search
[2009/02/13 21:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Search
[2009/12/18 17:11:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/12/18 17:09:17 | 00,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/12/18 17:06:41 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/12/17 04:07:05 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 16:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 16:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 16:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


extra.txt log
OTL Extras logfile created on: 12/18/2009 5:34:10 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 201.18 Mb Available Physical Memory | 39.97% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.03% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.00 Gb Total Space | 44.81 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.79 Gb Free Space | 16.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-7008FFA13B
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = 0
"FirstRunDisabled" = 0
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20CFBF87-73BD-4EC5-80B4-9C894126BD14}" = TurboTax 2008 wvaiper
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9BF7CBD-0B50-49B4-96C9-F8FDA63F9441}" = Simply Safe Backup Free Edition
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Dell_HostCD" = Dell Printer Software Uninstall
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"Help and Support Additions" = Help and Support Additions
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360 Premier Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"PS2" = PS2
"RealPlayer 12.0" = RealPlayer
"RegCure" = RegCure 2.0.0.0
"TeamViewer 3" = TeamViewer 3
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2009 2:52:25 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/18/2009 2:52:25 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 12/18/2009 2:52:25 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 12/18/2009 6:11:56 PM | Computer Name = YOUR-7008FFA13B | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 12/18/2009 6:24:29 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE HELP.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/18/2009 6:24:29 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE HELP.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/18/2009 6:24:31 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/18/2009 6:24:31 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/18/2009 6:24:31 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 12/18/2009 6:24:31 PM | Computer Name = YOUR-7008FFA13B | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

[ System Events ]
Error - 12/17/2009 9:22:52 PM | Computer Name = YOUR-7008FFA13B | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 12/18/2009 2:46:03 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:47:17 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:47:17 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:47:21 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:47:53 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:57:14 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:57:47 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 2:57:51 PM | Computer Name = YOUR-7008FFA13B | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064}

to the user YOUR-7008FFA13B\Arlene SID (S-1-5-21-3630618810-1409296343-3820008914-1011).
This security permission can be modified using the Component Services administrative
tool.

Error - 12/18/2009 6:05:56 PM | Computer Name = YOUR-7008FFA13B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.


< End of report >


thanks again and merry christmas!
  • 0

Advertisements

#2
lee.s
Posted 19 December 2009 - 07:01 PM

lee.s

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
forgot to say i have everything in your vcleaning guide.

TFC
system restore
ERUNUT
MBAM
Norton
GMER - but it would not run, details above
OTL
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP