1 out of 3 Of My XP Machines Has Slow Internet Access



#16
DerbyDad03

I'll work on your list of tasks today.

re: It looks like Combofix took out some stuff it shouldn't have which is why you lost your Excel

After trying to start Excel 2010 a few times, it eventually asked me for the license key. Once that was entered, it went through its ridiculously long configuration process and it seems to be working. It appears that Office no longer knew that it was a licensed product.

The only other 2010 app I need is Word, which just went through its own ridiculously long configuration process, so all might be well with Office now.

#17
DerbyDad03

You didn't comment on the 2 items between the *** from a few posts ago. Are we ignoring them for now?

The rest of the results from your most recent task list follows after these 2 items.

******************************************************

re: XP cannot unload your classes registry file - use the Fixit at: http://support.microsoft.com/kb/837115

I did not find a "Fix it" in that kb article, at least not the typical "guy with the wrench" Fix it.

Is this what you wanted me to run?

To use the Microsoft User Profile Hive Cleanup Service (UPHClean), follow these steps:
    1.  Download UPHClean. 
            To download and install UPHClean, visit the following Microsoft Web site: 
            http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582 


re: Winamp is having a problem. ... Perhaps there is an uninstall option in C:\program Files\Winamp\

if not you can do: http://forums.winamp...?threadid=51699


There is no C:\program Files\Winamp\ folder.

There was an uninstall option in the All Programs/Winamp folder but the shortcut did not work. Windows searched but didn't find the application.

I tried to follow the steps at the link you provided, but the first three items didn't exist, so I stopped.

Delete these folders.
c:\Program Files\Mjuice Media Player

c:\Program Files\Winamp

c:\WINDOWS\Start Menu\Programs\Winamp


I looked for a couple of other items and didn't find them either. Should I look for every file and registry entry listed and delete whichever ones I find?

******************************************************

The results from your most recent task list...

re: The Simple Service Discovery Protocol (SSDP) is required for upnphost service to work so see if it can start.

I was able to start SSDP which then allowed me to start the upnphost service.

re: C:\Users\Shelly>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config > \Junk.txt

The system returned a "Path not found" message.

I tried changing the first part to C:\Users\Dave>reg query but it still didn't find the path.

re: Combofix ... Not sure why it crashed at the end tho

It didn't crash. It popped up the "PEV.exe has encountered a problem" message somewhere around Stage 5 or 6 but then continued through all the other Stages and completed.

re: uninstall Spybot S&D

Done.

re: AppRemover

AppRemover did not find any remnants of AVG. The only thing it found was AdAware from back in 2008. I let it uninstall that.

re: vvdsvc

It is now disabled in the Startup Type.

re: getPlusHelper

Uninstalled.

re: Java Consoles

There were 4 listed in Add-Ons. I uninstalled all but 6.0.19.

re: Run OTL again...

OTL log

OTL logfile created on: 01/17/11 5:43:12 PM - Run 3
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Dave\Desktop\Cleaners 1-11
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 13.26 Gb Free Space | 17.37% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 23:40:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\desktop\Cleaners 1-11\OTL.exe
PRC - [2010/12/11 09:17:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/01 11:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2008/05/14 14:48:42 | 000,644,368 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
PRC - [2008/05/09 11:09:50 | 000,267,536 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/18 21:18:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/05/14 06:10:00 | 002,277,376 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
PRC - [2004/05/14 06:10:00 | 000,025,088 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 23:40:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\desktop\Cleaners 1-11\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/28 21:54:28 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Disabled | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2007/05/01 12:35:16 | 001,216,704 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/05/01 12:34:58 | 000,131,256 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2003/03/09 15:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/29 15:34:02 | 000,401,280 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OmniTV.sys -- (OmniTV)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/13 21:09:57 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/12 16:35:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/04/03 18:55:14 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\sandra.sys -- (SANDRA)
DRV - [2006/01/25 16:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2005/09/26 06:07:00 | 000,048,640 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/11 12:37:00 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/06/19 17:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)
DRV - [2002/02/13 13:27:30 | 000,166,419 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/02/13 13:26:54 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/02/13 13:20:46 | 000,594,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/06/04 06:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.com"
FF - prefs.js..browser.search.defaultenginename: "google.com"
FF - prefs.js..browser.search.order.1: "google.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/09 05:22:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 17:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 17:31:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/13 17:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/01/13 17:33:54 | 000,000,000 | ---D | M]

[2009/04/30 20:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/08/30 16:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/04/30 20:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/17 17:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions
[2010/09/23 19:23:40 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/01/06 01:13:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/14 14:08:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/10/22 20:44:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/06 01:13:32 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/12/27 18:10:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/16 15:31:17 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\searchplugins\askcom.xml
[2011/01/17 17:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/09 05:22:53 | 000,000,000 | ---D | M] (PayPal Plug-In for Firefox) -- C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN

O1 HOSTS File: ([2011/01/16 17:09:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-3488ABDDC600} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab34120.cab (StagingUI Object)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0401.cab (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.clarkcolo...larkActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1121021608359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} https://mydesk-hq02....inalSvcsTCS.cab (TerminalSvcsTCSX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://vexcast.com/d...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (StadiumProxy Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab36385.cab (ZPA_Backgammon Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/29 12:59:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 12:25:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/16 17:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/01/16 17:18:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/16 17:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 17:18:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/16 17:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/16 16:52:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/16 16:52:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/16 16:52:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/16 16:52:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/16 16:47:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/14 21:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/01/14 07:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PTR January 2011_20110114-0734
[2011/01/13 23:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Cleaners 1-11
[2011/01/13 17:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/13 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/13 17:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/13 17:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/13 17:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/13 17:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/13 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/13 17:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/01/13 07:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\BT MP3
[2011/01/09 21:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2010/12/21 07:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Brochure Quotes
[2010/12/19 13:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009
[2 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/17 17:31:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\You didn.doc
[2011/01/17 17:12:40 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/01/17 17:11:09 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 17:11:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/17 17:10:50 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/17 17:10:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/17 17:10:04 | 2137,903,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 17:07:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 13:08:40 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/01/17 12:35:36 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/17 12:25:06 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2011/01/16 18:22:59 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Task Troubles.doc
[2011/01/16 17:18:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 17:09:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/16 15:48:20 | 000,434,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/16 15:48:20 | 000,068,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/16 14:47:18 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/14 21:28:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/14 06:08:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/01/13 17:36:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/13 17:33:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/12 20:30:12 | 005,854,496 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Here They Come Again - Van Morrison - .mp3
[2011/01/12 19:12:09 | 000,011,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Erin.xlsx
[2011/01/09 21:52:14 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/01/09 21:52:14 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\06E5AC
[2011/01/09 21:43:39 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/01/09 00:01:55 | 000,023,768 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Student ID.xlsm
[2011/01/03 08:24:43 | 000,059,147 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Inv_22086_from_RyGan_Print.pdf
[2010/12/29 22:04:44 | 000,013,252 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Fee Intervals.xlsx
[2010/12/24 00:21:15 | 000,861,633 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Travel.docx
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 13:56:06 | 000,003,017 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\EBS Claim 12-19-2010.aspx.htm
[2010/12/19 13:50:26 | 000,134,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-03-2010.jpg
[2010/12/19 13:43:43 | 000,034,034 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 05-21-2010.jpg
[2010/12/19 13:40:07 | 000,048,572 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-22-2009.jpg
[2010/12/19 13:34:45 | 000,049,428 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-13-2010.jpg
[2010/12/19 13:28:58 | 000,048,583 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 07-26-2010.jpg
[2010/12/19 13:22:41 | 000,070,649 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.jpg
[2010/12/19 13:22:27 | 000,500,224 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.ppt
[2010/12/19 13:19:49 | 000,070,531 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 2.jpg
[2010/12/19 13:17:46 | 000,070,185 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 1.jpg
[2010/12/19 13:15:12 | 000,070,185 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009.jpg
[2010/12/19 13:08:11 | 000,037,646 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-10-2010.jpg
[2010/12/19 12:51:09 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim2.aspx.htm
[2010/12/19 12:49:45 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim1.aspx.htm
[2010/12/19 12:46:10 | 000,038,545 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-19-2010.jpg
[2 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/17 17:31:02 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\You didn.doc
[2011/01/16 17:18:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 16:52:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/16 16:52:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/16 16:52:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/16 16:10:00 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Task Troubles.doc
[2011/01/13 17:36:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/13 17:33:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/13 17:31:07 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/12 20:29:14 | 005,854,496 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Here They Come Again - Van Morrison - .mp3
[2011/01/12 19:12:08 | 000,011,132 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Erin.xlsx
[2011/01/09 21:43:39 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/01/09 00:01:55 | 000,023,768 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Student ID.xlsm
[2011/01/03 08:24:39 | 000,059,147 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Inv_22086_from_RyGan_Print.pdf
[2010/12/29 22:04:44 | 000,013,252 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Fee Intervals.xlsx
[2010/12/24 00:00:17 | 000,861,633 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Travel.docx
[2010/12/19 13:56:04 | 000,003,017 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\EBS Claim 12-19-2010.aspx.htm
[2010/12/19 13:50:24 | 000,134,564 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-03-2010.jpg
[2010/12/19 13:43:41 | 000,034,034 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 05-21-2010.jpg
[2010/12/19 13:40:05 | 000,048,572 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-22-2009.jpg
[2010/12/19 13:34:43 | 000,049,428 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-13-2010.jpg
[2010/12/19 13:28:56 | 000,048,583 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 07-26-2010.jpg
[2010/12/19 13:22:40 | 000,070,649 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.jpg
[2010/12/19 13:22:27 | 000,500,224 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.ppt
[2010/12/19 13:19:47 | 000,070,531 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 2.jpg
[2010/12/19 13:17:44 | 000,070,185 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 1.jpg
[2010/12/19 13:15:09 | 000,070,185 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009.jpg
[2010/12/19 13:08:07 | 000,037,646 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-10-2010.jpg
[2010/12/19 12:51:08 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim2.aspx.htm
[2010/12/19 12:49:44 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim1.aspx.htm
[2010/12/19 12:46:06 | 000,038,545 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-19-2010.jpg
[2010/12/01 23:30:28 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/12/01 23:30:28 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/12/01 23:30:28 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/12/01 23:30:28 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/12/01 23:30:28 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/09/24 07:20:04 | 000,218,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 11:08:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\housecall.guid.cache
[2010/05/16 09:50:59 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/21 12:33:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/01/06 20:57:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/01/06 20:57:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009/09/10 21:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\prfile.ini
[2009/02/05 19:44:17 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/09/16 21:05:08 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/06/08 16:24:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/02/13 21:09:55 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/13 19:39:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/19 22:56:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/09/05 19:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/23 11:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/11 23:44:06 | 000,004,059 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\HPCOM_48BitScanUpdate.log
[2007/06/11 23:44:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/05/15 14:52:44 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007/05/15 14:51:59 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/05/15 14:51:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/05/15 14:51:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/05/15 14:21:45 | 000,003,751 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/05/15 14:21:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/18 22:06:33 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/28 11:36:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/10/06 21:59:49 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/08/31 11:46:13 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/07/24 20:50:43 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/06/26 20:50:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/06/26 20:50:39 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/06/26 20:49:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/06/26 20:49:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/05/09 20:55:04 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/01/16 17:08:43 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2005/12/15 18:41:55 | 000,000,141 | ---- | C] () -- C:\WINDOWS\prtmate.ini
[2005/12/11 02:22:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\savtst32.INI
[2005/09/23 19:15:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/12 18:29:35 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini
[2005/03/12 17:53:39 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
[2005/01/15 23:13:39 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/12/07 02:39:15 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/28 20:28:44 | 000,002,076 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/28 17:41:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2004/08/07 12:29:28 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll
[2004/04/23 20:54:03 | 000,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2004/04/18 23:59:22 | 000,000,391 | ---- | C] () -- C:\WINDOWS\Jelly.ini
[2004/04/08 00:05:54 | 000,000,129 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/04/08 00:05:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2004/04/02 18:32:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2004/03/12 20:16:44 | 000,000,778 | ---- | C] () -- C:\WINDOWS\MTB12ST.INI
[2004/03/11 10:46:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/02/29 20:01:40 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/02/29 16:22:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/29 16:22:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/07/29 14:07:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 13:23:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2003/07/29 13:14:01 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/29 13:13:28 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/07/29 12:47:04 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/29 12:47:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/07/29 05:51:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/05/30 15:00:00 | 000,000,299 | ---- | C] () -- C:\WINDOWS\LProS.ini
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== LOP Check ==========

[2010/01/25 19:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/07/01 19:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/02/13 21:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2007/06/14 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/05/16 09:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/11/26 20:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/07/07 18:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/01 23:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2005/03/20 09:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/01/16 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2008/06/08 16:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/05 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/13 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/30 23:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2011/01/13 17:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/11/23 14:15:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/07/10 20:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Amazon
[2011/01/12 20:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Audacity
[2008/02/17 13:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\BitTorrent
[2008/09/16 21:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bullzip
[2005/03/12 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Cingular
[2008/04/16 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ColorCop
[2008/02/13 21:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DAEMON Tools Pro
[2006/07/24 21:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DataLayer
[2010/06/27 10:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FinalMediaPlayer
[2010/09/23 19:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GARMIN
[2010/02/14 13:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GlarySoft
[2007/04/16 20:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ICAClient
[2008/06/15 21:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ImgBurn
[2003/07/29 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\InterTrust
[2004/03/21 17:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2009/07/16 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mp3tag
[2008/11/26 20:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NCH Swift Sound
[2006/07/25 22:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia
[2010/02/06 17:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\OpenOffice.org
[2006/07/24 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PC Suite
[2008/11/26 20:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Recordpad
[2008/02/13 19:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Smith Micro
[2008/07/30 22:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Snapfish
[2009/12/19 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\StreamTorrent
[2010/08/30 16:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Thunderbird
[2010/05/24 19:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\tinySpell
[2007/07/03 23:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\TuneUp Software
[2010/10/19 18:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Uniblue
[2011/01/13 08:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2007/01/27 11:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Viewpoint
[2007/05/04 21:28:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1170559575.job
[2007/09/12 22:54:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1181619858.job
[2004/04/23 00:15:32 | 000,000,200 | ---- | M] () -- C:\WINDOWS\Tasks\myautoupdate.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >
  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
Typo on my part. Forgot to remove the prompt after copying it from my PC.

Should have been:

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config > \Junk.txt

Start, Run, cmd, OK then

right click and Paste or Edit, Paste then hit Enter then type:
notepad \junk.txt

The combofix info between the two lines of stars is just saying it didn't find any hidden files.

For the registry issue you need to download, save and install UPHClean.

Copy the text in the code box below by highlighting and then Ctrl + c :

:Services
vvdsvc

:OTL
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Disabled | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
[2010/02/14 14:08:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc



Run OTL and paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and paste the log it creates into a Reply.

With all browsers closed:
Right click on your clock and select Task Manager then Networking. Is there any network traffic? How much?


I assume you are using Firefox for your speed tests. Start, All Programs, Mozilla Firefox, Mozilla Firefox (Safe Mode). Go to your speed test site and run your test while watching the task manager, Networking window. What is the peak usage? Compare to one of the good systems. Do you see a difference?

Ron
  • 0

#19
DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
re: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config > \Junk.txt

Response from system:

'reg' is not recognized as an internal or external command, operable program or batch file

re: The combofix info between the two lines of stars is just saying it didn't find any hidden files.

That's not what I was referring to. Sorry for the confusion. I meant the info that I posted between the **** related to uninstalling winamp and UPHClean.

You've now answered the question about UPHClean, but I'm not sure if you want me to do any more work regarding winamp. I was unable to find the 3 folders listed at the very beginning of the uninstall instructions from the website you provided, so I did not do anything about the files or registry entries. Do you want me to delete whatever it is that I can find, even if it's not everything on the list?

I'll work on the other stuff in the meantime.

Thanks once again.
  • 0

#20
DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
re: save and install UPHClean

Done

re: With all browsers closed...Is there any network traffic?

Zero

re: Start, All Programs, Mozilla Firefox, Mozilla Firefox (Safe Mode). What is the peak?

OK, I ran multiple tests and here are the results:

Slow machine with Asrock mobo, Firefox (Safe Mode)

Download Speed        Network Utilization
   7.14 Mb/s                10.93%
   9.70 Mb/s                10.65%
   6.15 Mb/s                  7.8%
  10.15 Mb/s                  9.1%
   6.08 Mb/s                  7.0%

Note: I rarely see speeds in the 9's or 10's on this machine, so maybe
something we've done has helped.
However, it's certainly not as consistent as the other Asrock mobo 
machine, as can be seen below.

Faster machine with Asrock mobo, Firefox (Safe Mode)

Download Speed        Network Utilization
   9.88 Mb/s                10.93%
   10.5 Mb/s                11.55%
   9.67 Mb/s                11.25%
  10.41 Mb/s                11.25%
  10.46 Mb/s                11.36%

Fastest machine in the house, Dell Optiplex GX520, Google Chrome (FF not installed)

Download Speed        Network Utilization
   19.19 Mb/s               23.40%
   10.5 Mb/s                23.44%
   9.67 Mb/s                23.00%
  10.41 Mb/s                23.60%
  10.46 Mb/s                24.27%

OTL Custom Fix Log

========== SERVICES/DRIVERS ==========
Service vvdsvc stopped successfully!
Service vvdsvc deleted successfully!
========== OTL ==========
Error: No service named vvdsvc was found to stop!
Service\Driver key vvdsvc not found.
C:\WINDOWS\system32\nagasoft\vjocx.dll moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)\defaults(2)\preferences(2) folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)\defaults(2) folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)\chrome(2) folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2) folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.

OTL by OldTimer - Version 3.2.20.2 log created on 01172011_185914

Edited by DerbyDad03, 17 January 2011 - 07:00 PM.

  • 0
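Reading a fix log like the one in the post above means separating real failures from misses that earlier steps already explain. The following is an added example, not part of the original thread and not OTL's own code: it takes the fix script from post #18 and the fix log from post #20 (Firefox extension lines omitted), and the outcome phrases it matches are only the ones visible in that log, not a full list of OTL messages.

```python
"""Triage an OTL fix log: separate misses that need review from expected ones."""
import re

# Excerpts taken from this thread; the Firefox extension lines are left out.
FIX_SCRIPT = r"""
:Services
vvdsvc

:OTL
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Disabled | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
"""

FIX_LOG = r"""
========== SERVICES/DRIVERS ==========
Service vvdsvc stopped successfully!
Service vvdsvc deleted successfully!
========== OTL ==========
Error: No service named vvdsvc was found to stop!
Service\Driver key vvdsvc not found.
C:\WINDOWS\system32\nagasoft\vjocx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# Service name as it appears in the three service-related messages of this log.
SERVICE = re.compile(r"(?:^Service |No service named |Service\\Driver key )(\S+)")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def outcome(line):
    """Classify one result line as 'ok', 'miss' or 'other'."""
    if "successfully" in line:
        return "ok"
    if line.startswith("Error:") or line.rstrip(".").endswith("not found"):
        return "miss"
    return "other"


def guids_without_clsid(script):
    """GUIDs that the scan itself listed with 'No CLSID value found'."""
    found = set()
    for line in script.splitlines():
        if "No CLSID value found" in line:
            found.update(g.upper() for g in GUID.findall(line))
    return found


def triage(script, log):
    """Return (section, outcome, line, note) for every result line in the log."""
    no_clsid = guids_without_clsid(script)
    deleted_services = set()
    section, rows = None, []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        result, note = outcome(line), ""
        svc, guid = SERVICE.search(line), GUID.search(line)
        if result == "ok" and svc and "deleted" in line:
            deleted_services.add(svc.group(1))
        elif result == "miss":
            if svc and svc.group(1) in deleted_services:
                # Same service named under :Services and again on the SRV line.
                note = "expected: service already deleted earlier in this log"
            elif guid and "\\CLSID\\" in line and guid.group(0).upper() in no_clsid:
                note = "expected: scan reported no CLSID value for this GUID"
            else:
                note = "REVIEW"
        rows.append((section, result, line, note))
    return rows


def needs_review(rows):
    """Only the misses that nothing else in the script or log explains."""
    return [row for row in rows if row[3] == "REVIEW"]


if __name__ == "__main__":
    for section, result, line, note in triage(FIX_SCRIPT, FIX_LOG):
        print(f"[{section}] {result:5} {note or '-':55} {line[:60]}")
```
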

#21
RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
If winamp is already gone then we won't worry about it.

How about we boot into Safe Mode with Networking and check the speed there?

Is there any difference in the amount of memory or available hard drive between the two more or less the same PCs? Could you run OTL Quickscan on it?

reg.exe is another command that has gotten lost on your machine. Don't know what is eating these files. It should be:
\windows\system32\reg.exe

See if you can find another copy somewhere and copy it there.
  • 0

#22
DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
re: How about we boot into Safe Mode with Networking and check the speed there?

Well, well...we may be onto something here!

I ran 5 speed tests under the Safe Mode Admin account and 5 under the Dave account. Here are the rather amazing results:

 Administrator               Dave
  18.71 Mb/s              16.80 Mb/s
  16.31 Mb/s              15.81 Mb/s
  16.81 Mb/s              14.45 Mb/s
  16.06 Mb/s              15.69 Mb/s
  19.32 Mb/s              20.83 Mb/s

re: Is there any difference in the amount of memory or available hard drive between the two more or less the same PCs?

The problem machine:

Memory: 2 Gb
Drive Size 80 Gb, 60 Gb used

The other machine:
Memory: 2 Gb
Drive Size 160 Gb, 52 Gb used

re: Could you run OTL Quickscan on it?

I pasted the log after the results of the reg query, but first I'm going to muddy the waters a bit (more).

While I was at the other Asrock based machine, I decided to run the Speed Test in Safe Mode. All 5 test results hovered right around 10 Mb/s, which is where the tests always end up on that machine. So while the "slow" machine shows a dramatic increase in download speeds when tested in Safe Mode (2.5 to 3 times the speed) the "faster" machine showed no increase at all. Interesting!


re: reg.exe is another command that has gotten lost on your machine
Once again it was found in the C:\WINDOWS\$NtServicePackUninstall$ folder.

I copied it to system32 and got these results:


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
LastClockRate REG_DWORD 0x2625a
MinClockRate REG_DWORD 0x260d4
MaxClockRate REG_DWORD 0x263e0
FrequencyCorrectRate REG_DWORD 0x4
PollAdjustFactor REG_DWORD 0x5
LargePhaseOffset REG_DWORD 0x138800
SpikeWatchPeriod REG_DWORD 0x5a
HoldPeriod REG_DWORD 0x5
MaxPollInterval REG_DWORD 0xf
LocalClockDispersion REG_DWORD 0xa
EventLogFlags REG_DWORD 0x2
PhaseCorrectRate REG_DWORD 0x1
MinPollInterval REG_DWORD 0xa
UpdateInterval REG_DWORD 0x57e40
MaxNegPhaseCorrection REG_DWORD 0xd2f0
MaxPosPhaseCorrection REG_DWORD 0xd2f0
AnnounceFlags REG_DWORD 0xa
MaxAllowedPhaseOffset REG_DWORD 0x1


OTL log from 2nd Asrock machine

OTL logfile created on: 1/18/2011 7:28:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 96.76 Gb Free Space | 64.92% Space Free | Partition Type: NTFS

Computer Name: DA_GIRLS | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/18 19:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2011/01/17 19:24:04 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/11 15:20:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/01 12:03:37 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/26 13:37:30 | 004,870,144 | ---- | M] (Wisdom Software Inc. ) -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
PRC - [2007/01/04 11:10:22 | 000,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/01 15:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\aim\aim.exe


========== Modules (SafeList) ==========

MOD - [2011/01/18 19:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 07:44:45 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2007/08/28 06:41:48 | 000,189,704 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2007/03/28 18:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/01/04 11:10:22 | 000,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/30 15:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 22:29:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/07 14:52:31 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/07 14:52:31 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/11 17:25:41 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/06/16 13:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/03/31 07:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/03/03 22:10:26 | 000,074,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2003/06/19 17:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/02/13 13:27:30 | 000,166,419 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/02/13 13:26:54 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/02/13 13:20:46 | 000,594,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 15:20:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 15:20:34 | 000,000,000 | ---D | M]

[2009/06/15 17:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2011/01/17 19:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\5nggnzuo.default\extensions
[2010/04/06 17:03:09 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\5nggnzuo.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011/01/17 19:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 18:30:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/20 22:25:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/05/09 18:29:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2007/06/29 06:14:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AIM] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.clarkcolo...larkActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7966.4513657407 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Euchre http://download.game...nts/y/et1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/29 12:59:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 19:27:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/01/18 19:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2011/01/18 19:23:35 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/18 19:23:17 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/18 18:51:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/18 16:51:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/18 01:36:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/18 01:00:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Dave at 1 00 AM.job
[2011/01/15 10:16:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/14 17:15:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 20:56:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/12 17:27:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

========== Files Created - No Company Name ==========

[2010/05/24 18:11:32 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2007/06/28 06:51:51 | 000,974,549 | -HS- | C] () -- C:\WINDOWS\System32\jrkdlbyl.ini
[2007/06/22 09:04:16 | 000,958,422 | -HS- | C] () -- C:\WINDOWS\System32\wqalclvd.ini
[2007/06/21 08:25:04 | 000,908,633 | -HS- | C] () -- C:\WINDOWS\System32\kfbscngh.ini
[2007/06/20 19:31:33 | 000,907,011 | -HS- | C] () -- C:\WINDOWS\System32\nvwkacuu.ini
[2007/06/19 19:30:33 | 000,901,925 | -HS- | C] () -- C:\WINDOWS\System32\kikcjhyp.ini
[2007/05/20 10:20:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/05/20 09:10:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
[2007/05/20 09:10:59 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/03/20 13:32:15 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/27 18:56:18 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/12/27 18:55:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/12/27 18:55:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/12/27 18:55:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006/12/27 18:19:22 | 000,003,751 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/12/27 18:19:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/09/25 21:43:45 | 000,008,868 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/06 10:25:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/11 16:11:52 | 000,000,095 | ---- | C] () -- C:\WINDOWS\savtst32.INI
[2005/10/21 19:09:43 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/23 13:22:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/11/16 21:50:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/15 15:23:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2004/08/07 12:35:29 | 000,000,105 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/08/07 11:44:55 | 000,000,123 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/06 21:02:17 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/01/06 21:02:16 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32S.DLL
[2004/01/06 21:02:13 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2003/11/02 08:49:16 | 000,000,594 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/29 14:07:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 13:14:01 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/29 13:13:28 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/07/29 12:47:04 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/29 12:47:04 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/07/29 05:51:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== LOP Check ==========

[2010/11/20 23:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/11/08 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/11/08 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drum Kits
[2008/11/08 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/11/08 09:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/05/24 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/11/08 09:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/08 09:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/08 09:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pcsvc
[2008/11/08 09:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2008/11/08 09:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/11/08 09:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/11/08 09:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/10 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/25 19:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/08 09:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Aim
[2008/11/08 09:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\InterTrust
[2008/11/08 09:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Lycos
[2008/11/08 09:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NCH Swift Sound
[2008/11/08 09:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Snapfish
[2008/11/08 09:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Template
[2008/11/08 09:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\TuneUp Software
[2011/01/14 17:15:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2011/01/18 01:00:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Dave at 1 00 AM.job
[2011/01/18 01:36:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
Safe Mode is close to msconfig with all startup and services items turned off. You can try that then see if it is still fast. If it is then just start turning on services and startup items (reboot each time) until you isolate the cause of the slowdown.

I expect the difference in speed is more RAM free in Safe Mode, though why your "fast" machine doesn't get better I have no idea.

Interesting that the second machine is so fast. This one has multiple Java Consoles too. Some evidence of a prior infection:
[2007/06/28 06:51:51 | 000,974,549 | -HS- | C] () -- C:\WINDOWS\System32\jrkdlbyl.ini
[2007/06/22 09:04:16 | 000,958,422 | -HS- | C] () -- C:\WINDOWS\System32\wqalclvd.ini
[2007/06/21 08:25:04 | 000,908,633 | -HS- | C] () -- C:\WINDOWS\System32\kfbscngh.ini
[2007/06/20 19:31:33 | 000,907,011 | -HS- | C] () -- C:\WINDOWS\System32\nvwkacuu.ini
[2007/06/19 19:30:33 | 000,901,925 | -HS- | C] () -- C:\WINDOWS\System32\kikcjhyp.ini

I'd open each of these in notepad and make sure that the files they refer to are gone.

I wonder if the difference in free hard drive space makes a difference?

As far as the time error goes, it appears the left hand of MS does not know what the right hand is doing, since the default interval for XP is one week (or at least used to be; maybe it changed and they forgot to tell some machines). To adjust your time interval you can use

http://www.dougknox....Time Update.zip

Download, Save, right click and Extract All then run the exe file. It will allow you to set it to 8 hours or so which will keep the error from coming back.


Ron
  • 0
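The check described in the post above (hidden, system-flagged files with no company name sitting in System32) can be run over a whole OTL log, as an added example that is not part of the original post and not OTL's own logic. The sample lines are copied from the log earlier in this thread; the flagging rule and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime
from ntpath import basename, dirname  # parse Windows paths on any OS

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2010/05/24 18:11:32 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2007/06/28 06:51:51 | 000,974,549 | -HS- | C] () -- C:\WINDOWS\System32\jrkdlbyl.ini
[2007/06/22 09:04:16 | 000,958,422 | -HS- | C] () -- C:\WINDOWS\System32\wqalclvd.ini
[2007/06/21 08:25:04 | 000,908,633 | -HS- | C] () -- C:\WINDOWS\System32\kfbscngh.ini
[2007/06/20 19:31:33 | 000,907,011 | -HS- | C] () -- C:\WINDOWS\System32\nvwkacuu.ini
[2007/06/19 19:30:33 | 000,901,925 | -HS- | C] () -- C:\WINDOWS\System32\kikcjhyp.ini
[2007/05/20 09:10:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
[2011/01/12 17:27:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/08 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
"""

# One OTL file entry: [date time | size | attrs | C or M] (company) -- path
# The "(company)" part is absent on some lines (for example the LOP Check).
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


def parse_entry(line):
    """Parse one OTL file/folder line into a dict, or return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = m["path"].strip()
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],            # R, H, S, D flags or '-'
        "kind": m["kind"],              # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": path,
        "name": basename(path),
    }


def is_leftover_candidate(entry):
    """Assumed rule: hidden + system, no company name, directly in System32."""
    in_system32 = dirname(entry["path"]).lower().endswith("\\system32")
    return (
        "H" in entry["attrs"]
        and "S" in entry["attrs"]
        and not entry["company"]
        and in_system32
    )


def triage(log_text):
    """Return flagged entries from an OTL log, oldest first."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    flagged = [e for e in entries if e and is_leftover_candidate(e)]
    return sorted(flagged, key=lambda e: e["when"])


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["when"]:%Y-%m-%d}  {e["size"]:>9,}  {e["attrs"]}  {e["path"]}')
```

A flagged entry is only a prompt to inspect the file by hand, as the post suggests; the rule says nothing about whether the files it refers to still exist.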

#24
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Obviously narrowing it down to a Startup or Services item might take a long time, but I'll work on it.

I know very little about Services. Can I just disable/enable them in msconfig and not introduce other problems?

I'm thinking about how upnp wouldn't work until the other service (SSPD) was started. Can I just randomly disable/enable services in msconfig without screwing the machine up?
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
It will still boot and let you get to msconfig to undo the changes. There is an option under services to hide Microsoft services. I'd try leaving all of the Microsoft services on and just uncheck all the rest first.

It shouldn't take too long to find the problem. The way you do it is by turning on half of them first. If that slows it down then the problem is in the half you turned on. So you turn off half of the ones you turned on and check again. If it speeds up then the problem was in the half you just turned off so you turn on half of them.
  • 0
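The halving procedure from the post above, simulated as an added example that is not part of the original thread. It assumes a single culprit among the non-Microsoft services, counts one reboot per speed test, and adds two checks the post does not mention (a baseline with everything unchecked and a final confirmation); the service names come from the OTL log earlier in the thread, and the function names and the simulated culprit are hypothetical.

```python
# Non-Microsoft services listed in the OTL log earlier in this thread.
THIRD_PARTY_SERVICES = [
    "avast! Antivirus", "Apple Mobile Device", "CaCCProvSP", "PPCtlPriv",
    "UxTuneUp", "ITMRTSVC", "KodakCCS",
]


def make_probe(culprit):
    """Simulated machine: the speed test is slow only if `culprit` is enabled.

    On a real PC the probe is manual: check exactly the given items in
    msconfig, reboot, run the speed test, and report whether it was slow.
    """
    return lambda enabled: culprit in enabled


def isolate_culprit(candidates, is_slow):
    """Bisect `candidates`; return (culprit or None, number of reboots)."""
    reboots = 1
    if is_slow(frozenset()):
        # Still slow with every candidate unchecked: the cause is not in
        # this list, so halving it would only produce a false accusation.
        return None, reboots

    suspects = list(candidates)
    if not suspects:
        return None, reboots

    while len(suspects) > 1:
        half = suspects[: len(suspects) // 2]
        reboots += 1
        if is_slow(frozenset(half)):      # only this half is checked
            suspects = half               # slow: culprit is in the half just enabled
        else:
            suspects = suspects[len(half):]   # fast: culprit is in the other half

    # Confirm the last suspect on its own instead of trusting elimination.
    reboots += 1
    if is_slow(frozenset(suspects)):
        return suspects[0], reboots
    return None, reboots


def worst_case_reboots(n):
    """Most reboots needed for n candidates, tried against every culprit."""
    names = [f"svc{i}" for i in range(n)]
    return max(isolate_culprit(names, make_probe(name))[1] for name in names)


if __name__ == "__main__":
    # Culprit chosen arbitrarily for the simulation.
    print(isolate_culprit(THIRD_PARTY_SERVICES, make_probe("ITMRTSVC")))
    print("worst case for 100 services:", worst_case_reboots(100))
```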



#26
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thanks.

"Sneaking up on it" by doing groups at a time was my plan of attack. I was mainly worried about turning off services that other services need and then having them end up with a different "Startup Type" or even Disabled in Admin Tools...Services.

There's close to 100 Services enabled in msconfig and I'd never be able to track down any changes the system made to itself as I enable/disable groups of them.

If you are saying that disabling them in msconfig will have no impact on their settings once I enable them again, I'll proceed.

I'm just being cautious because I know my limitations in this arena.

Edited by DerbyDad03, 19 January 2011 - 08:44 AM.

  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
You can't do any real damage to it with msconfig. Worst comes to worst you just turn everything back on again.
  • 0

#28
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Sorry for the delay in getting back to you, but it's been a crazy week at work and home.

I have some good news...and some confusing news.

As far as disabling all Startup items, that didn't help with the download speed, but in the end it did point me towards what appears to be the cause of the problem. More on that later.

Since disabling all Startup items didn't help, I moved on to disabling all Services.

FYI: Disabling all Services via msconfig is not a viable option. When I tried that, besides getting a message that I needed to reactivate Windows due to "significant" changes, Firefox was unable to access the Internet so I was unable to run any speed tests.

I ended up re-enabling all Services and was about to post my results when I decided to try a few more things.

One thing that I noticed was that when I disabled all Startup items, the avastUI entry would always show up as enabled. In an effort to have it stay disabled, I opened the Avast user interface and disabled all 7 Shields. As soon as I did that, the download speed jumped to 18 - 20 Mb/s.

I eventually narrowed it down to the Web shield. Stopping some of the other shields made a little difference, especially the Mail shield, but the biggest and most consistent impact was made by stopping the Web shield.

Since all of the other machines are running the same version and configuration of Avast, I first tried an Avast Repair on the slow machine (it didn't help) and then an uninstall, new download, new install. Once again, with all shields enabled, I get a 5 - 7 Mb/s download speed but with the Web shield stopped, I'm consistently in the 18 to 20+ range.

So, it seems that we found the problem, but I'm not sure what to do next. I really don't want to use an anti-virus program that significantly degrades the network performance, but Avast has treated me better than anything else I've tried as far as protecting my systems.

Now for the confusing part:

Since it appears that Web Shield is the problem on my machine, I decided to see what would happen if I stopped the Web shield on the other machines.

On the fast Dell that consistently runs near 20 Mb/s, nothing changed.

However, on the other Asrock machine (remember the one that usually tests at around 9 - 10 Mb/s?) things were very confusing. As a "control" I ran a speed test before I stopped the web shield to get a baseline number. The result: ~3 (three!) Mb/s, consistently, test after test. Nothing has changed on that machine recently other than the download of OTL.exe, so I have no clue why that machine has slowed down to even slower than the problem machine.

I stopped the Web shield and the speed jumped to ~10 Mb/s. I booted in Safe Mode, where Avast doesn't run, and it tested at 10 Mb/s. I am sure that Avast was running all shields earlier this week since the Status bar icon shows an exclamation point if any shields are stopped and there was no exclamation point. I'm really confused!

Your thoughts are most certainly welcome!
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
I have a Dell Inspiron 530 with 4 gig of RAM with Vista SP2. Running wireless to a cable modem. I get a tad below 10 Meg regardless of whether Avast is on or off.

I could understand a slight delay if Avast felt it had to scan the incoming data for viruses but I don't see any difference on my PC.

Right click on the clock and select Task Manager then Processes. Check the box Show processes from all users then click twice on the CPU column header so that the biggest CPU users are at the top. When idle mine flips between 99 and 95. Then when the test starts I see that Avast does require a lot of CPU and my CPU usage jumps and even hits 100% at one point so this process is very CPU dependent. I'm wondering if things might be getting a tad warm during the test so that the CPU slows down to protect itself?

Download and save SIW

http://www.gtopala.c...ownload/siw.exe

Right click on it and Run As Administrator. Under Hardware find Sensors and click on it. It should tell you what temperature(s) your CPU(s) is (are) running. Leave it running then run the speedtest and check the temps under the value column. I see that my first cpu (I have a dual core pentium) jumps from 23 to 30 during the test and from 27 to 32 on the second CPU.
  • 0

#30
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi!

Once again, I've been delayed getting back to this problem due to a very busy work schedule.

I downloaded SIW and ran a few quick tests. Yes, the CPU temp goes up a little but I want to try a few more things before I post any results.

I'll probably get back to it this weekend.

Talk to you soon!
  • 0





