Laptop running slow



#1
Jay77

Hi,

My laptop has been running slow for quite a long time, getting worse daily until yesterday, when it became blatantly infected with a virus/spyware/malware (I don't know which!). My laptop became increasingly unusable as I was blocked from opening any documents, Task Manager, and most of the options I found on Control Panel that I thought may help. While this was happening, Internet Explorer kept randomly opening (I use Firefox) on a page asking me to buy software called 'antivirus scan' or something along those lines. I put my laptop in safe mode and did a system restore to a couple of weeks ago, so now my laptop is better, but it's still freezing and crashing every now and then. And it's running quite slow!

An issue I have been having for the past few months is that the laptop halts, the screen turns blue and there's text saying something about a hardware malfunction. When this happens I have to switch the laptop off by the button. This has continued to happen since the system restore.

Please help!
Thanks


OTL logfile created on: 18/01/2011 21:16:09 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Blessing\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 239.00 Mb Available Physical Memory | 24.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 45.65 Gb Free Space | 43.50% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.22 Gb Free Space | 83.28% Space Free | Partition Type: NTFS

Computer Name: JP | User Name: Blessing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/18 21:15:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blessing\Desktop\Downloads\OTL.exe
PRC - [2010/12/13 12:40:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/13 12:40:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/25 09:56:24 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/16 00:42:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/16 00:42:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/08/31 10:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/08 19:37:48 | 000,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/13 17:51:46 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2008/12/13 17:15:26 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/01/22 06:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEJE.EXE
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/11 02:20:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/04 14:13:56 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 15:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/01/18 21:15:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blessing\Desktop\Downloads\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/08/16 00:45:33 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/16 00:40:49 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/16 00:40:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/13 17:15:26 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 14:13:56 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2010/08/16 00:45:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/16 00:44:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/16 00:44:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/24 06:13:40 | 000,494,368 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/13 17:15:26 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/09/11 02:20:00 | 001,775,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/05 15:39:12 | 001,963,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/10/18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {C45955FB-3579-4C3C-B53F-A8DD12396C82}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/01/17 14:13:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/01/17 14:13:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 02:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/09 02:47:05 | 000,000,000 | ---D | M]

[2009/01/06 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blessing\AppData\Roaming\mozilla\Extensions
[2011/01/18 20:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blessing\AppData\Roaming\mozilla\Firefox\Profiles\l07kapzh.default\extensions
[2009/07/28 13:00:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Blessing\AppData\Roaming\mozilla\Firefox\Profiles\l07kapzh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/21 16:14:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Blessing\AppData\Roaming\mozilla\Firefox\Profiles\l07kapzh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/24 21:23:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Blessing\AppData\Roaming\mozilla\Firefox\Profiles\l07kapzh.default\extensions\[email protected]
[2010/11/01 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/03 18:15:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/17 14:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\BLESSING\APPDATA\LOCAL\{C45955FB-3579-4C3C-B53F-A8DD12396C82}
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/09/03 18:13:58 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/13 12:40:26 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/13 12:40:27 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/13 12:40:27 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/13 12:40:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPSON BX300F Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Blessing\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blessing\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4c54b6b6-c504-11dd-80d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c54b6b6-c504-11dd-80d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{b16e8022-fab9-11de-92c4-00030d7ae473}\Shell - "" = AutoRun
O33 - MountPoints2\{b16e8022-fab9-11de-92c4-00030d7ae473}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{e0a02807-c504-11dd-876e-00030d7ae473}\Shell - "" = AutoRun
O33 - MountPoints2\{e0a02807-c504-11dd-876e-00030d7ae473}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f46b7c12-12ec-11de-bb08-001060bcda9a}\Shell\Auto\command - "" = D:\auto.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\Blessing\AppData\Roaming\BitTorrent
[2011/01/18 20:19:50 | 000,000,000 | ---D | C] -- C:\b3af1e544a635fe0c1ab287f
[2011/01/18 00:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/18 00:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/18 00:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/12 21:25:22 | 000,000,000 | ---D | C] -- C:\Users\Blessing\AppData\Local\{C45955FB-3579-4C3C-B53F-A8DD12396C82}(299)
[2011/01/09 02:55:56 | 000,000,000 | ---D | C] -- C:\Users\Blessing\AppData\Local\Apple Computer
[2011/01/09 02:55:55 | 000,000,000 | ---D | C] -- C:\Users\Blessing\AppData\Roaming\Apple Computer
[2011/01/09 02:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/09 02:53:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/01/09 02:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/09 02:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/09 02:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/09 02:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/09 02:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/09 02:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/01/09 02:44:29 | 000,000,000 | ---D | C] -- C:\Users\Blessing\AppData\Local\Apple
[2011/01/09 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/09 02:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/09 02:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/01/09 02:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/21 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Blessing\Documents\n &p

========== Files - Modified Within 30 Days ==========

[2011/01/18 20:54:34 | 000,000,805 | ---- | M] () -- C:\Users\Blessing\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/01/18 20:54:33 | 000,000,781 | ---- | M] () -- C:\Users\Blessing\Desktop\BitTorrent.lnk
[2011/01/18 20:33:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/18 20:33:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/18 20:32:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/18 20:26:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/01/17 13:55:13 | 000,001,356 | ---- | M] () -- C:\Users\Blessing\AppData\Local\d3d9caps.dat
[2011/01/17 13:43:09 | 000,004,044 | ---- | M] () -- C:\Users\Blessing\AppData\Roaming\EC18.F53
[2011/01/16 23:39:54 | 000,763,392 | ---- | M] () -- C:\Users\Blessing\Documents\PSO Application form.doc
[2011/01/16 18:26:42 | 000,000,120 | ---- | M] () -- C:\Users\Blessing\AppData\Local\Cmorohazoz.dat
[2011/01/16 18:26:42 | 000,000,000 | ---- | M] () -- C:\Users\Blessing\AppData\Local\Pyidoxufap.bin
[2011/01/12 11:15:53 | 070,044,974 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/01/10 14:54:32 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/10 14:54:32 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/09 02:55:02 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/09 02:46:18 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/06 15:55:42 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Blessing.job
[2011/01/05 09:48:46 | 000,011,716 | ---- | M] () -- C:\Users\Blessing\Documents\If there is not an attendant in the shop.docx
[2011/01/05 09:47:08 | 000,010,501 | ---- | M] () -- C:\Users\Blessing\Documents\car FOR SALE.docx
[2010/12/30 20:32:55 | 000,021,465 | ---- | M] () -- C:\Users\Blessing\Documents\shop stock taking 30 december 2010.xlsx
[2010/12/28 13:46:30 | 000,000,567 | ---- | M] () -- C:\Users\Blessing\Desktop\1 - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/01/18 20:54:34 | 000,000,805 | ---- | C] () -- C:\Users\Blessing\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/01/18 20:54:33 | 000,000,781 | ---- | C] () -- C:\Users\Blessing\Desktop\BitTorrent.lnk
[2011/01/17 02:29:35 | 000,004,044 | ---- | C] () -- C:\Users\Blessing\AppData\Roaming\EC18.F53
[2011/01/16 22:34:04 | 000,763,392 | ---- | C] () -- C:\Users\Blessing\Documents\PSO Application form.doc
[2011/01/09 02:55:02 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/09 02:46:18 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/05 04:12:11 | 000,010,501 | ---- | C] () -- C:\Users\Blessing\Documents\car FOR SALE.docx
[2010/12/30 17:55:00 | 000,021,465 | ---- | C] () -- C:\Users\Blessing\Documents\shop stock taking 30 december 2010.xlsx
[2010/12/28 13:46:30 | 000,000,567 | ---- | C] () -- C:\Users\Blessing\Desktop\1 - Shortcut.lnk
[2010/09/03 15:31:48 | 000,000,000 | ---- | C] () -- C:\Users\Blessing\AppData\Local\prvlcl.dat
[2010/02/09 18:06:36 | 000,000,000 | ---- | C] () -- C:\Users\Blessing\AppData\Local\Pyidoxufap.bin
[2010/02/09 18:06:35 | 000,000,120 | ---- | C] () -- C:\Users\Blessing\AppData\Local\Cmorohazoz.dat
[2010/02/09 18:02:38 | 000,000,016 | ---- | C] () -- C:\Users\Blessing\AppData\Roaming\sgcpom.dat
[2010/02/09 18:02:32 | 000,000,004 | ---- | C] () -- C:\Users\Blessing\AppData\Roaming\avdrn.dat
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/24 17:44:50 | 000,001,356 | ---- | C] () -- C:\Users\Blessing\AppData\Local\d3d9caps.dat
[2009/08/07 23:00:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/26 20:24:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/03/26 20:24:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/02/09 20:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\checkbsm.ini
[2009/01/23 13:21:28 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2009/01/23 11:23:02 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/23 11:23:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 15:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/01/08 15:27:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2009/01/05 13:36:55 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/31 17:09:53 | 000,009,216 | ---- | C] () -- C:\Users\Blessing\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 16:15:25 | 000,024,206 | ---- | C] () -- C:\Users\Blessing\AppData\Roaming\UserTile.png
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/09/12 19:53:26 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/12 19:53:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/04/19 15:14:32 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

========== LOP Check ==========

[2011/01/18 21:24:49 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\BitTorrent
[2009/02/07 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\EPSON
[2008/12/08 14:53:47 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\IObit
[2010/10/13 15:46:11 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\Opera
[2008/12/18 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\PeerNetworking
[2010/01/06 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\Program Files
[2010/10/09 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\Research In Motion
[2009/03/26 20:24:11 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\Samsung
[2010/10/10 01:03:26 | 000,000,000 | ---D | M] -- C:\Users\Blessing\AppData\Roaming\Sports Interactive
[2011/01/18 20:27:00 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

#3
Jay77

    New Member

  • Topic Starter
  • Member
  • 5 posts
I can't disable or uninstall AVG. I've tried restarting my laptop and trying again but that doesn't work either. So ComboFix isn't running.

I followed the guide to disable antiviruses, but is there any other advice for dealing with it when it refuses to be switched off?

The blue screen thing happened again, so I wrote down what it said:
Hardware Malfunction
Call your hardware vendor for support
NMI: Parity check/memory parity error
***The system has halted***


Thanks

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please uninstall AVG via the program below..

http://www.appremover.com/

Below is the tutorial on how to use it..

http://www.appremove...appremover.html

Then after that, restart your computer, re-download a fresh copy of ComboFix and try to run it again.. If it still fails, please run ComboFix in Safe Mode.

Tell me more about how it goes.. :D

#5
Jay77

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks, that worked well!

Here's the ComboFix log:

ComboFix 11-01-19.04 - Blessing 20/01/2011 15:06:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1014.287 [GMT 0:00]
Running from: c:\users\Blessing\Desktop\Downloads\Combo-Fix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Blessing\AppData\Roaming\avdrn.dat

.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-20 15:21 . 2011-01-20 15:22 -------- d-----w- c:\users\Blessing\AppData\Local\temp
2011-01-20 15:21 . 2011-01-20 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-19 03:02 . 2011-01-19 03:05 -------- d-----w- C:\402c32d347e448e309
2011-01-19 02:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-19 02:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-19 02:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-19 02:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-19 02:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-19 02:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-19 02:17 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-18 22:35 . 2011-01-18 22:35 -------- d-----w- c:\program files\Ashampoo
2011-01-18 20:53 . 2011-01-18 22:50 -------- d-----w- c:\users\Blessing\AppData\Roaming\BitTorrent
2011-01-18 00:56 . 2011-01-18 02:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-18 00:56 . 2011-01-18 00:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-12 21:25 . 2011-01-12 21:25 -------- d-----w- c:\users\Blessing\AppData\Local\{C45955FB-3579-4C3C-B53F-A8DD12396C82}(299)
2011-01-09 02:55 . 2011-01-09 02:55 -------- d-----w- c:\users\Blessing\AppData\Local\Apple Computer
2011-01-09 02:55 . 2011-01-09 03:28 -------- d-----w- c:\users\Blessing\AppData\Roaming\Apple Computer
2011-01-09 02:53 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-09 02:53 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-09 02:53 . 2011-01-09 02:53 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-09 02:51 . 2011-01-09 02:51 -------- d-----w- c:\program files\iPod
2011-01-09 02:51 . 2011-01-09 02:53 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-09 02:51 . 2011-01-09 02:53 -------- d-----w- c:\program files\iTunes
2011-01-09 02:45 . 2011-01-09 02:51 -------- d-----w- c:\programdata\Apple Computer
2011-01-09 02:44 . 2011-01-09 02:44 -------- d-----w- c:\users\Blessing\AppData\Local\Apple
2011-01-09 02:44 . 2011-01-09 02:44 -------- d-----w- c:\program files\Apple Software Update
2011-01-09 02:38 . 2011-01-09 02:38 -------- d-----w- c:\program files\Bonjour
2011-01-09 02:37 . 2011-01-09 03:27 -------- d-----w- c:\programdata\Apple
2011-01-09 02:37 . 2011-01-09 02:51 -------- d-----w- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 18:26 . 2010-02-09 18:06 0 ----a-w- c:\users\Blessing\AppData\Local\Pyidoxufap.bin
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 18:56 . 2010-12-15 08:48 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-15 08:48 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-15 08:48 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-15 08:48 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-15 08:48 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44 . 2010-12-15 08:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-15 08:48 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-15 08:48 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2008-12-13 98304]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-11 4468736]
"Skytel"="Skytel.exe" [2007-09-11 1826816]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2008-12-13 233472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2008-12-13 36608]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-20 c:\windows\Tasks\Norton Security Scan for Blessing.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-08 10:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Blessing\AppData\Roaming\Mozilla\Firefox\Profiles\l07kapzh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6889c5&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\Shockwave 8\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 15:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-20 15:33:41
ComboFix-quarantined-files.txt 2011-01-20 15:33

Pre-Run: 47,800,606,720 bytes free
Post-Run: 47,972,651,008 bytes free

- - End Of File - - C887FD639EFF6FB46FC346DBE2F374E2

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. not much in ComboFix log.. How's the computer now? :D

#7
Jay77

    New Member

  • Topic Starter
  • Member
  • 5 posts
It's actually running quite well! Is there any chance downloading AVG again could cause problems?

Thanks

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts

> It's actually running quite well! Is there any chance downloading AVG again could cause problems?
>
> Thanks


Probably, as you only have 1gb of RAM on the system

1,014.00 Mb Total Physical Memory | 239.00 Mb Available Physical Memory | 24.00% Memory free


While 1gb of RAM is adequate for most basic systems, it's best if you can upgrade it a little bit more to 2gb of RAM.. Plus right now you have no antivirus on the computer, which is not advisable.. Please install one antivirus of your choice; if you ask me, I'd prefer either Avast or Avira :D