Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

slow start up and slow throughout computer use


  • Please log in to reply

#1
hank00

hank00

    Member

  • Member
  • PipPip
  • 19 posts
hello, i have followed all directions in regards to the cleaining page. i still have trouble when i restart my computer. when i restart my computer there is a black screen with a white bars at the bottom. after a while it will load into windows. while computer is running programs are very slow to load and access. how often should i turn off my computer? What happens when i leave it on for days? i will post all the scans requested on the cleaning page. thanks for your time and help. :)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-22 19:00:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MYDENT~1\LOCALS~1\Temp\afxoqfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF7FB86B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF7FB8574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF7FB8A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF7FB814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF7FB864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF7FB808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF7FB80F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF7FB876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF7FB872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF7FB88AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4DA80B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.42
Database version: 3406
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/21/2009 6:30:41 PM
mbam-log-2009-12-21 (18-30-41).txt

Scan type: Quick Scan
Objects scanned: 101220
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





extras.Txt
OTL Extras logfile created on: 12/22/2009 7:03:07 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\My Dentist\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 7.00% Memory free
626.00 Mb Paging File | 130.00 Mb Available in Paging File | 21.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 49.74 Gb Free Space | 86.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 186.31 Gb Total Space | 116.83 Gb Free Space | 62.71% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 37.77 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
Drive Z: | 74.52 Gb Total Space | 37.77 Gb Free Space | 50.69% Space Free | Partition Type: NTFS

Computer Name: MY-A5MWZ552VU26
Current User Name: My Dentist
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001983B6-F929-4367-AF07-15471E0EA0E8}" = ImageRAYi Drivers
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2DD0036F-261D-405C-B197-8D252D2D73D5}" = DENTRIX G2 Practice Assistant
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{63F4C447-439C-47CC-BC63-AE7D40A7A3A1}" = DENTRIX Image 4.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{9107A8B5-B6BF-4EC9-9ACB-25571C0D5F53}" = DENTRIX Image
"{9E6F2D32-FF1A-477C-A9C9-CFBD0BD9D015}" = Crystal Reports for DENTRIX
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{BC17AD93-CF7E-455C-A18A-49AC181C770A}" = DENTRIX G2 Required Components
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D3E449A1-EDE3-4CF8-9F9D-5DA508A734BC}" = SignatureSetup
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{F20BF639-E6B8-4310-B613-9C494EB9B5D0}" = DENTRIX G2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"avast!" = avast! Antivirus
"C-Media Audio Driver" = C-Media WDM Audio Driver
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DD0036F-261D-405C-B197-8D252D2D73D5}" = DENTRIX G2 Practice Assistant
"InstallShield_{F20BF639-E6B8-4310-B613-9C494EB9B5D0}" = DENTRIX G2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ShockwaveFlash" = Macromedia Flash Player 8
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2009 11:09:41 AM | Computer Name = MY-A5MWZ552VU26 | Source = Application Hang | ID = 1002
Description = Hanging application chart.exe, version 12.0.267.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2009 12:44:20 PM | Computer Name = MY-A5MWZ552VU26 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/9/2009 12:44:20 PM | Computer Name = MY-A5MWZ552VU26 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/9/2009 12:44:20 PM | Computer Name = MY-A5MWZ552VU26 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/9/2009 12:44:20 PM | Computer Name = MY-A5MWZ552VU26 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/9/2009 12:45:48 PM | Computer Name = MY-A5MWZ552VU26 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module urlmon.dll, version 7.0.6000.16915, fault address 0x0002f19d.

Error - 11/20/2009 1:46:11 PM | Computer Name = MY-A5MWZ552VU26 | Source = Application Error | ID = 1000
Description = Faulting application viper.exe, version 4.5.16.0, faulting module
mfc42.dll, version 6.2.4131.0, fault address 0x00005fd5.

Error - 12/21/2009 8:58:41 PM | Computer Name = MY-A5MWZ552VU26 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/22/2009 12:30:27 PM | Computer Name = MY-A5MWZ552VU26 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/6/2009 11:12:31 AM | Computer Name = MY-A5MWZ552VU26 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000021, parameter2 00000002, parameter3
00000000, parameter4 804f5028.

Error - 4/19/2009 5:47:06 AM | Computer Name = MY-A5MWZ552VU26 | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 8168c610, parameter3
8168c7f0, parameter4 0a3c0001.

Error - 5/1/2009 10:55:14 AM | Computer Name = MY-A5MWZ552VU26 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000019, parameter2 00000002, parameter3
00000001, parameter4 804e6349.

Error - 5/9/2009 9:50:09 AM | Computer Name = MY-A5MWZ552VU26 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.8 for the Network Card with network
address 00E04C8753C7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/9/2009 10:39:57 AM | Computer Name = MY-A5MWZ552VU26 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 805df5e7, parameter3
f5b6bc30, parameter4 00000000.

Error - 5/28/2009 4:54:08 PM | Computer Name = MY-A5MWZ552VU26 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 5/28/2009 5:20:08 PM | Computer Name = MY-A5MWZ552VU26 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 98cc17f4, parameter2 00000002, parameter3
00000000, parameter4 804e65e6.

Error - 6/5/2009 10:37:48 AM | Computer Name = MY-A5MWZ552VU26 | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000099, parameter2 00000000, parameter3
00000000, parameter4 00000000.


< End of report >



OTL.Txt
OTL logfile created on: 12/22/2009 7:03:07 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\My Dentist\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 7.00% Memory free
626.00 Mb Paging File | 130.00 Mb Available in Paging File | 21.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 49.74 Gb Free Space | 86.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 186.31 Gb Total Space | 116.83 Gb Free Space | 62.71% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 37.77 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
Drive Z: | 74.52 Gb Total Space | 37.77 Gb Free Space | 50.69% Space Free | Partition Type: NTFS

Computer Name: MY-A5MWZ552VU26
Current User Name: My Dentist
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/22 19:02:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My Dentist\Desktop\OTL.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/24 17:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/03 07:15:18 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/25 09:36:08 | 00,057,344 | ---- | M] (Dentrix Dental Systems, Inc.) -- C:\Program Files\Dentrix\WebSyncReminder.exe
PRC - [2006/10/25 09:24:08 | 00,077,824 | ---- | M] (Dentrix Dental Systems, Inc.) -- C:\Program Files\Dentrix\DtxQuickLaunch.exe


========== Modules (SafeList) ==========

MOD - [2009/12/22 19:02:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My Dentist\Desktop\OTL.exe
MOD - [2008/05/02 01:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DtxQuickLaunch.exe] C:\Program Files\Dentrix\DtxQuickLaunch.exe (Dentrix Dental Systems, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Web Sync Reminder.lnk = C:\Program Files\Dentrix\WebSyncReminder.exe (Dentrix Dental Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/14 20:47:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/07 23:58:45 | 00,000,000 | ---- | M] () - Y:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/14 20:47:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/22 19:02:00 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\My Dentist\Desktop\OTL.exe
[2009/12/22 10:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/22 10:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/22 10:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Application Data\SUPERAntiSpyware.com
[2009/12/22 10:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/22 03:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/12/21 19:01:34 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/21 19:01:33 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/21 19:01:32 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/21 19:01:29 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/21 19:01:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/21 19:01:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/21 19:01:25 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/21 19:01:25 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/21 19:00:52 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/21 19:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/21 18:49:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/21 18:49:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/21 18:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/21 18:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/21 18:13:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Application Data\Malwarebytes
[2009/12/21 18:13:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 18:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/21 18:13:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 18:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 18:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/21 18:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/21 18:07:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Desktop\cpu maint
[2009/12/21 18:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Local Settings\Application Data\Yahoo
[2009/12/21 18:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/12/21 18:00:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/12/21 18:00:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Application Data\Yahoo!
[2009/12/21 17:58:20 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/12/21 17:52:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\My Dentist\IECompatCache
[2009/12/21 17:52:22 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\My Dentist\PrivacIE
[2009/12/21 17:49:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\My Dentist\IETldCache
[2009/12/21 17:37:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/21 17:32:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2003/07/08 09:28:48 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 14 Days ==========

[2009/12/22 19:02:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My Dentist\Desktop\OTL.exe
[2009/12/22 17:42:23 | 00,001,624 | ---- | M] () -- C:\WINDOWS\dentrix.ini
[2009/12/21 19:39:05 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/21 19:38:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/21 19:38:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 19:08:52 | 26,796,4416 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/21 19:02:57 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\My Dentist\NTUSER.DAT
[2009/12/21 19:02:57 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\My Dentist\ntuser.ini
[2009/12/21 19:02:43 | 03,753,628 | -H-- | M] () -- C:\Documents and Settings\My Dentist\Local Settings\Application Data\IconCache.db
[2009/12/21 19:01:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 18:00:48 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\My Dentist\Application Data\setup_ldm.iss
[2009/12/21 17:58:56 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\My Dentist\Desktop\Internet.lnk
[2009/12/21 17:39:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/14 14:02:52 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/14 14:02:52 | 00,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/14 14:02:52 | 00,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2009/12/21 19:00:52 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/21 18:01:05 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\My Dentist\Application Data\setup.log
[2009/12/21 18:00:48 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\My Dentist\Application Data\setup_ldm.iss
[2009/12/21 17:58:56 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\My Dentist\Desktop\Internet.lnk
[2007/11/15 15:36:32 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\My Dentist\Local Settings\Application Data\fusioncache.dat
[2007/11/15 15:14:59 | 00,970,752 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2007/11/15 15:14:59 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2007/11/15 15:14:58 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2007/11/15 14:31:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/15 14:22:31 | 00,000,188 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/01 18:29:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2004/06/29 12:27:26 | 00,144,384 | ---- | C] () -- C:\WINDOWS\System32\lttls14n.dll
[2004/06/29 12:27:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Lvgl14N.dll
[2004/06/29 12:27:22 | 00,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
[2004/06/29 12:27:20 | 00,721,408 | ---- | C] () -- C:\WINDOWS\System32\ltcry14n.dll
[2004/06/29 12:27:18 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/06/29 12:27:18 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/06/29 12:27:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\lfdrw14N.dll
[2003/07/08 09:30:04 | 00,001,624 | ---- | C] () -- C:\WINDOWS\dentrix.ini
[2003/07/08 09:29:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\u2lbar.dll
[2003/07/08 09:28:58 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2003/07/08 09:28:54 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
[2003/07/08 09:28:54 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
[2003/07/08 09:28:52 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\p2molap.dll
[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Edited by fenzodahl512, 27 December 2009 - 12:35 AM.
To show the lack of RAM

  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. first of all, please redo the OTL step and post the fresh OTL logs here.. My primary suspect is not malware but its perhaps your RAM.. Anyway, lets check for virus/malware first :)

255.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 7.00% Memory free


As you can see, the computer only has 256mb of RAM which is barely adequate for current programs.. I strongly suggest you to upgrade to at least 1gb of RAM (1024mb).. When it comes to RAM, the more the better.. But lets check for malware first :)

Edited by fenzodahl512, 27 December 2009 - 12:36 AM.

  • 0

#3
hank00

hank00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
hello and thanks in advance for your help. i went ahead and ran another otl scan but only got one scan summary back. i hope this is what you needed. can you give me some info on ram. how big should i get or what brand. thanks a bunch :)
thanks fenzodahl512!!!!!!!


OTL logfile created on: 12/27/2009 6:28:26 PM - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\My Dentist\Desktop\cpu maint
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 51.00% Memory free
618.00 Mb Paging File | 286.00 Mb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 49.77 Gb Free Space | 86.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 186.31 Gb Total Space | 116.44 Gb Free Space | 62.50% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 37.97 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive Z: | 74.52 Gb Total Space | 37.97 Gb Free Space | 50.96% Space Free | Partition Type: NTFS

Computer Name: MY-A5MWZ552VU26
Current User Name: My Dentist
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/22 19:02:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My Dentist\Desktop\cpu maint\OTL.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/24 17:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/03 07:15:18 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/22 19:02:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My Dentist\Desktop\cpu maint\OTL.exe
MOD - [2008/05/02 01:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DtxQuickLaunch.exe] C:\Program Files\Dentrix\DtxQuickLaunch.exe File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/14 20:47:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/07 23:58:45 | 00,000,000 | ---- | M] () - Y:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/14 20:47:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/22 10:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/22 10:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/22 10:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Application Data\SUPERAntiSpyware.com
[2009/12/22 10:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/21 19:01:34 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/21 19:01:33 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/21 19:01:32 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/21 19:01:29 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/21 19:01:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/21 19:01:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/21 19:01:25 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/21 19:01:25 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/21 19:00:52 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/21 19:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/21 18:49:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/21 18:49:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/21 18:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/21 18:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/21 18:13:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Application Data\Malwarebytes
[2009/12/21 18:13:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 18:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/21 18:13:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 18:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 18:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/21 18:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/21 18:07:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Desktop\cpu maint
[2009/12/21 18:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Local Settings\Application Data\Yahoo
[2009/12/21 18:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/12/21 18:00:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/12/21 18:00:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dentist\Application Data\Yahoo!
[2009/12/21 17:58:20 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/12/21 17:52:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\My Dentist\IECompatCache
[2009/12/21 17:52:22 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\My Dentist\PrivacIE
[2009/12/21 17:49:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\My Dentist\IETldCache
[2009/12/21 17:37:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/21 17:32:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2003/07/08 09:28:48 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 14 Days ==========

[2009/12/26 08:45:05 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/26 08:44:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 08:44:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 08:44:13 | 26,796,4416 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/24 17:30:04 | 00,000,024 | ---- | M] () -- C:\WINDOWS\DENTRIX.INI
[2009/12/22 21:09:28 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\My Dentist\ntuser.ini
[2009/12/22 21:09:27 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\My Dentist\NTUSER.DAT
[2009/12/22 21:07:48 | 03,757,586 | -H-- | M] () -- C:\Documents and Settings\My Dentist\Local Settings\Application Data\IconCache.db
[2009/12/21 19:01:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 18:00:48 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\My Dentist\Application Data\setup_ldm.iss
[2009/12/21 17:58:56 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\My Dentist\Desktop\Internet.lnk
[2009/12/21 17:39:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/14 14:02:52 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/14 14:02:52 | 00,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/14 14:02:52 | 00,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2009/12/24 17:30:04 | 00,000,024 | ---- | C] () -- C:\WINDOWS\DENTRIX.INI
[2009/12/21 19:00:52 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/21 18:01:05 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\My Dentist\Application Data\setup.log
[2009/12/21 18:00:48 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\My Dentist\Application Data\setup_ldm.iss
[2009/12/21 17:58:56 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\My Dentist\Desktop\Internet.lnk
[2007/11/15 15:36:32 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\My Dentist\Local Settings\Application Data\fusioncache.dat
[2007/11/15 15:14:59 | 00,970,752 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2007/11/15 15:14:59 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2007/11/15 15:14:58 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2007/11/15 14:31:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/15 14:22:31 | 00,000,188 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/01 18:29:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2004/06/29 12:27:26 | 00,144,384 | ---- | C] () -- C:\WINDOWS\System32\lttls14n.dll
[2004/06/29 12:27:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Lvgl14N.dll
[2004/06/29 12:27:22 | 00,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
[2004/06/29 12:27:20 | 00,721,408 | ---- | C] () -- C:\WINDOWS\System32\ltcry14n.dll
[2004/06/29 12:27:18 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/06/29 12:27:18 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/06/29 12:27:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\lfdrw14N.dll
[2003/07/08 09:29:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\u2lbar.dll
[2003/07/08 09:28:58 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2003/07/08 09:28:54 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
[2003/07/08 09:28:54 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
[2003/07/08 09:28:52 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\p2molap.dll
[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
First, your OTL log looks clean to me..

Now about your RAM.. First, we need to know what type of your computer.. Go below and download cpuz

http://www.cpuid.com/cpuz.php

Run cpuz and then go to SPD tab.. Under Memory Slot Selection, there'll be Slot #1, #2, #3 etc.. Just browse each of them..

For each slot, please note either its DDR, DDR2 or DDR3.. Also note the Module Size, Max Bandwith, Manufacturer, Part Number..

Note all them on a piece of paper and then post the information here..

To be very honest, the best way to add RAM is to bring your computer to a computer store or computer technician and ask them to upgrade the RAM for you.. It would save some hassle like incompatible or faulty RAM.. Ask the technician to do a "Stress Test" on your RAM..

About RAM capacity.. I recommend "at least" 1gb (one gigabyte) but to be honest, if your budget permit, just go straight to 2gb (two gigabyte).. RAM is not expensive but from what I see at my local store, RAM price is increasing..

Other than your computer being slow, is there any other problem? Because I don't see anything malicious on your OTL log :)
  • 0

#5
hank00

hank00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
hello fenzodahl512!!! thanks again for helping me. :) okay so i followed the instructions and here is the post. if i upgrade my ram is my computer going to run a litte faster. can you also give me info on how to turn off the start up programs that i dont need. thanks again for your help.

Slot #1 DDR
Module size 256MBytes
MaxBandwidth PC2100 (133 MHZ)
Manufacturer Hyundai Electronics
Part # HYMD132645B8-H
Serial #8526314A

Slot #2 No information
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
From your OTL log, I don't see many startup.. So, don't worry about the startup now.. Just worry about upgrading your RAM :)

Slot #1 DDR


Its a DDR RAM, not DDR2.. DDR is quite expensive..

Manufacturer Hyundai Electronics


Previously Hyundai Electronics.. Now known as "Hynix".. Here's the website

http://www.hynix.com/gl/index.jsp

MaxBandwidth PC2100 (133 MHZ)


Rated at 266MHz..

And the computer only has two RAM slot.. So, its best for you to find a 1gb stick for your computer..

Is it a laptop or desktop? When you go to the computer store, bring your computer with you and ask for RAM upgrade..

Ask specifically for a single 1gb (one gigabyte) stick of DDR RAM with "Hynix" chipset.. If the computer store doesn't have the "Hynix" chipset, ask them to test the compatibility.. If the computer can boot up with the new ram without issues, ask them to run a stress test with Windows MemTest.. link below...

http://hcidesign.com/memtest/

Ask them to run it to at least 1000% (yes, one thousand percent) and verify it has no error.. It could take about one hour though..

If these conditions are met, then the RAM is suitable for your computer.. In the end, you should have a total of 1.25gb (1gb + 256mb)

Good luck :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP