
Computer Too Slow (over 1 hour to boot)



#1
Karebony

My computer has gotten increasingly slow, to the point where it drags to even run a single process. It takes over one hour to boot. I also have SweetIM and Facemoods toolbars that don't want to go away even though I have tried deleting them.

Here is my OTL:


OTL logfile created on: 7/28/2011 8:34:24 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Karen\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 187.88 Mb Available Physical Memory | 18.53% Memory free
2.38 Gb Paging File | 0.99 Gb Available in Paging File | 41.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.77 Gb Total Space | 87.49 Gb Free Space | 82.71% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DGR6LDG1 | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 20:33:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\Downloads\OTL.exe
PRC - [2011/07/28 06:15:17 | 000,080,384 | ---- | M] () -- C:\MGtools\MBRcheck.exe
PRC - [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/06/30 06:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
PRC - [2010/07/26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2008/03/30 18:04:54 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/12/21 08:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/07/27 14:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 03:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2004/08/04 03:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 20:33:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\Downloads\OTL.exe
MOD - [2010/09/20 12:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/08/25 06:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2008/06/01 18:59:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/28 05:23:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/22 17:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 14:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/06/30 16:20:24 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110728.031\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/17 19:43:08 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110728.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 19:43:06 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110728.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 17:03:58 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/20 02:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/03/30 18:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/11 11:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 16:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 16:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 16:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 12:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 12:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/23 16:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/10 13:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 12:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 12:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 12:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 10:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/20 15:48:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/07/27 22:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/04 16:02:53 | 000,000,000 | ---D | M]

[2011/04/08 09:44:08 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2011/07/28 15:36:22 | 000,000,735 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] https in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 18:57:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/28 05:53:13 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/07/27 22:56:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/27 22:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/27 15:54:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/27 15:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Application Data\Malwarebytes
[2011/07/27 15:36:51 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/27 15:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/27 15:36:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/27 15:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/27 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Application Data\SUPERAntiSpyware.com
[2011/07/27 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/27 15:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/27 15:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/27 14:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/22 19:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/22 19:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/22 13:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Start Menu\Programs\HiJackThis
[2011/07/22 13:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 10:41:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Karen\Start Menu\Programs\Administrative Tools
[2011/07/15 07:12:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Karen\PrivacIE
[2011/07/15 00:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Local Settings\Application Data\Ares
[2011/07/01 16:03:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/01 16:03:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/01 16:03:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/28 20:42:29 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
[2011/07/28 19:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 17:30:47 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Karen.job
[2011/07/28 15:36:22 | 000,000,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/28 13:42:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
[2011/07/28 10:57:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 23:26:47 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/27 23:26:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/27 22:56:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/27 22:37:28 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/07/27 22:31:01 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
[2011/07/27 22:22:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 22:21:58 | 1063,297,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/27 16:15:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\settings.dat
[2011/07/27 15:36:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mb.exe.lnk
[2011/07/27 15:01:32 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/27 14:50:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\defogger_reenable
[2011/07/27 14:38:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/15 11:50:11 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Karen\My Documents\spider.sav
[2011/07/12 17:58:14 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/12 17:58:12 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Google Chrome.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 22:56:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/27 22:56:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/27 16:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Karen\settings.dat
[2011/07/27 15:36:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mb.exe.lnk
[2011/07/27 15:01:32 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/27 14:50:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Karen\defogger_reenable
[2011/07/22 06:17:20 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/15 10:51:19 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Karen\My Documents\spider.sav
[2011/06/07 11:18:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:32:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/12 01:11:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 19:06:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/01 18:55:51 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/06/01 18:40:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/06/01 18:40:25 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/06/01 18:40:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/06/01 18:39:53 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/06/01 18:13:25 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/01 18:13:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/06/01 18:13:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/01 18:13:23 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/06/01 18:11:11 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

I also got this from OTL:




Computer Name: DGR6LDG1 | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Documents and Settings\Karen\My Documents\Downloads\PDFReader_Setup (1).exe" = C:\Documents and Settings\Karen\My Documents\Downloads\PDFReader_Setup (1).exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BN_DesktopReader" = NOOK for PC
"Brainfuse Participant QuickConnect" = Brainfuse Participant QuickConnect
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FX - PDF Reader" = PDF Reader (remove only)
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"N360" = Norton Security Suite
"NSS" = Norton Security Scan
"SynTPDeinstKey" = Dell Touchpad
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2011 7:52:22 AM | Computer Name = DGR6LDG1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02000f95.

Error - 7/20/2011 2:27:23 PM | Computer Name = DGR6LDG1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02000f95.

Error - 7/20/2011 2:31:31 PM | Computer Name = DGR6LDG1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02000f95.

Error - 7/22/2011 9:51:15 AM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 9:51:22 AM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 4:52:59 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 4:54:10 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 4:54:41 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 4:54:54 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 5:59:15 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/27/2011 8:34:25 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.

Error - 7/27/2011 8:34:51 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.

Error - 7/27/2011 8:35:21 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.

Error - 7/27/2011 8:35:51 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.

Error - 7/27/2011 8:36:21 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.

Error - 7/27/2011 9:53:15 PM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 7/28/2011 1:26:28 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor

Error - 7/28/2011 1:58:30 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/28/2011 8:18:23 AM | Computer Name = DGR6LDG1 | Source = Dhcp | ID = 1002
Description = The IP address lease 68.82.104.254 for the Network Card with network
address 001D09BC8B9C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/28/2011 8:18:54 AM | Computer Name = DGR6LDG1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 001D09BC8B9C has been denied by the DHCP server 68.87.64.34 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Please help!


#2
RKinner

    Malware Expert
I've seen this on two other computers. Both took about 45 minutes to boot and it was something wrong with Norton/Symantec that caused it.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the Norton Removal Tool.
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Uninstall SUPERAntiSpyware

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time.

Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron

#3
Karebony

    New Member

  • Topic Starter
Thanks for your prompt response. Here are the logs from all the scans.

Malware Bytes Log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7338

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/31/2011 7:53:04 AM
mbam-log-2011-07-31 (07-53-03).txt

Scan type: Quick scan
Objects scanned: 147382
Time elapsed: 31 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combofix Log:


ComboFix 11-07-31.03 - Karen 07/31/2011 9:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.643 [GMT -7:00]
Running from: c:\documents and settings\Karen\My Documents\Downloads\863371-ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 16:27 . 2011-07-31 16:28 -------- d-----w- c:\program files\ABP Support
2011-07-31 15:26 . 2011-07-31 16:28 -------- d-----w- C:\ComboFix
2011-07-31 14:20 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:20 . 2011-07-31 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:20 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 02:19 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-31 02:19 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-31 02:19 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-31 02:19 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-31 02:19 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-31 02:19 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-31 02:19 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-31 02:19 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-31 02:18 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-31 02:18 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-31 02:16 . 2011-07-31 02:16 -------- d-----w- c:\program files\AVAST Software
2011-07-31 02:16 . 2011-07-31 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-31 01:55 . 2011-07-31 01:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-30 22:11 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-30 22:11 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-30 22:10 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-30 22:08 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-30 22:07 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-30 22:07 . 2011-04-29 16:19 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-30 22:04 . 2011-05-02 15:31 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2011-07-30 22:02 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-07-30 22:02 . 2010-12-09 13:42 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-30 22:02 . 2010-12-09 13:38 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-30 22:02 . 2010-12-09 13:07 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-30 22:02 . 2010-12-09 13:07 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-30 22:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-30 22:01 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-30 22:01 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-30 20:59 . 2011-07-30 21:00 -------- d-----w- c:\program files\CCleaner
2011-07-30 14:13 . 2011-07-30 14:13 -------- d-----w- c:\program files\Auslogics
2011-07-30 06:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-07-30 06:10 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-30 06:08 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-30 06:08 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-30 06:08 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-30 06:08 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-30 06:08 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-30 06:08 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-30 06:08 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-30 06:08 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-30 06:08 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-30 06:06 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-07-30 06:03 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-07-30 06:02 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\scripting
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\l2schemas
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\en
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\bits
2011-07-30 04:20 . 2011-07-30 04:20 -------- d-----w- c:\windows\EHome
2011-07-29 20:05 . 2011-07-29 20:05 -------- d-----w- C:\VundoFix Backups
2011-07-29 19:06 . 2005-04-04 06:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-29 19:06 . 2005-04-04 06:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-29 19:06 . 2005-04-04 06:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-29 19:06 . 2005-04-04 05:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-29 19:06 . 2005-04-04 06:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-29 19:06 . 2011-07-29 19:06 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-29 19:06 . 2011-07-29 19:06 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-29 17:46 . 2011-07-29 17:46 -------- d-----w- c:\documents and settings\Karen\Application Data\Safer Networking
2011-07-29 17:09 . 2011-07-29 18:24 -------- d-----w- c:\program files\Safer Networking
2011-07-29 15:26 . 2011-07-31 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-29 15:26 . 2011-07-29 17:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-28 12:53 . 2011-07-29 14:21 -------- d-----w- C:\MGtools
2011-07-27 22:37 . 2011-07-27 22:37 -------- d-----w- c:\documents and settings\Karen\Application Data\Malwarebytes
2011-07-27 22:36 . 2011-07-27 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-27 22:03 . 2011-07-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-23 02:44 . 2011-07-23 02:44 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-22 20:46 . 2011-07-22 20:46 388096 ----a-r- c:\documents and settings\Karen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 20:46 . 2011-07-22 20:46 -------- d-----w- c:\program files\Trend Micro
2011-07-15 14:12 . 2011-07-15 14:12 -------- d-sh--w- c:\documents and settings\Karen\PrivacIE
2011-07-15 07:49 . 2011-07-15 07:50 -------- d-----w- c:\documents and settings\Karen\Local Settings\Application Data\Ares
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 11:52 . 2011-01-12 06:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2008-06-02 01:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-02 01:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/30/2011 7:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/30/2011 7:19 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/30/2011 7:19 PM 19544]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 1:32 PM 135664]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 1:32 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-07-30 18:06]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:32]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:32]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
- c:\documents and settings\Karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-12 06:25]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
- c:\documents and settings\Karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-12 06:25]
.
2011-07-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]
.
2011-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: brainfuse.com\admin
Trusted Zone: brainfuse.com\www
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NortonUpdateAgent - c:\documents and settings\All Users\Application Data\Norton\NUA.exe
Notify-!SASWinLogon - (no file)
AddRemove-FX - PDF Reader - c:\progra~1\PDFREA~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 09:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-07-31 09:52:33
ComboFix-quarantined-files.txt 2011-07-31 16:52
ComboFix2.txt 2011-07-29 19:40
.
Pre-Run: 92,151,652,352 bytes free
Post-Run: 92,260,270,080 bytes free
.
- - End Of File - - 790196090C9D52A88A6EFF4F662C87D8


1st avast (it got stuck so I had to abort it and re-do):

Java-Jade-C (Heur): it found two of those in application data\sun java\deployment

2nd avast:

3 win32 trojan-gen on PDF Reader-setup.exe

1 win32 Hupigon-ONX on c:\hiberfil.sys (this was not moved to the chest due to error: there is not space on the disk (112))

1 win trojan-gen on PDF Reader\uninstall\uninstall.exe

1 PUP:win32:BHO on system volume information restore

1 PUP:win32:PUP-gen on system volume information restore

1 PUP:NSIS:Zango on system volume information restore

1 PUP:NSIS:Zango-AH on system volume information restore (this is not marked as error or moved to chest either)

1 win32 trojan-gen on system volume information restore

ASWMBR log:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-31 12:41:09
-----------------------------
12:41:09.296 OS Version: Windows 5.1.2600 Service Pack 3
12:41:09.296 Number of processors: 2 586 0xF0D
12:41:09.296 ComputerName: DGR6LDG1 UserName: Karen
12:41:12.203 Initialize success
12:41:12.343 AVAST engine defs: 11073100
12:41:14.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:41:14.984 Disk 0 Vendor: WDC_WD1200BEVS-75UST0 01.01A01 Size: 114473MB BusType: 3
12:41:15.000 Disk 0 MBR read successfully
12:41:15.000 Disk 0 MBR scan
12:41:15.000 Disk 0 unknown MBR code
12:41:15.031 Disk 0 scanning sectors +234436545
12:41:15.156 Disk 0 scanning C:\WINDOWS\system32\drivers
12:41:58.500 Service scanning
12:42:04.156 Modules scanning
12:42:33.625 Disk 0 trace - called modules:
12:42:33.640 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:42:33.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dd1ab8]
12:42:33.640 3 CLASSPNP.SYS[f76b0fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86cc2940]
12:42:39.000 AVAST engine scan C:\WINDOWS
12:42:55.156 AVAST engine scan C:\WINDOWS\system32
12:49:31.500 AVAST engine scan C:\WINDOWS\system32\drivers
12:50:08.390 AVAST engine scan C:\Documents and Settings\Karen
12:57:42.203 AVAST engine scan C:\Documents and Settings\All Users
12:59:15.437 Scan finished successfully
13:02:17.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Karen\Desktop\MBR.dat"
13:02:18.000 The log file has been saved successfully to "C:\Documents and Settings\Karen\Desktop\aswMBR.txt"


OTL log:

OTL logfile created on: 7/31/2011 1:06:55 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Karen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 338.19 Mb Available Physical Memory | 33.35% Memory free
2.38 Gb Paging File | 1.85 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.77 Gb Total Space | 85.95 Gb Free Space | 81.26% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DGR6LDG1 | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 20:33:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\Downloads\OTL.exe
PRC - [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/07/26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 18:04:54 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/12/21 08:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/07/27 14:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 20:33:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\Downloads\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PavPrSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/06/01 18:59:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/03/30 18:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/11 11:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 16:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 16:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 16:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 12:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 12:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/23 16:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/10 13:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 12:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 12:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 12:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 10:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/04 16:02:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/28 15:36:22 | 000,000,735 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] https in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 09:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\ABP Support
[2011/07/31 08:49:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/31 08:26:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/31 07:20:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 07:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 07:20:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 07:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 19:53:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/30 19:19:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/30 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/30 19:19:38 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/30 19:19:33 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/30 19:19:33 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/30 19:19:32 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/30 19:19:31 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/30 19:19:31 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/30 19:19:30 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/30 19:18:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/30 19:18:02 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/30 19:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/30 19:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/30 18:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/07/30 17:47:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Karen\Recent
[2011/07/30 15:11:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/07/30 15:11:34 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/07/30 15:10:43 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/07/30 15:08:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/07/30 15:07:26 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/30 15:07:11 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/30 15:04:04 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/07/30 15:02:24 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/07/30 15:02:22 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/07/30 15:02:17 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/07/30 15:02:15 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/07/30 15:01:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/30 15:01:19 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/07/30 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/30 13:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/30 07:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/07/30 07:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/07/30 06:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/29 23:11:47 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/07/29 23:10:11 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/07/29 23:08:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/07/29 23:08:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/07/29 23:06:55 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/07/29 23:03:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/07/29 22:25:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/29 22:25:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/29 22:25:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/29 22:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/29 21:38:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/07/29 21:20:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/29 21:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/07/29 13:05:14 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/07/29 12:21:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/29 12:21:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/29 12:21:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/29 12:21:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/29 10:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Application Data\Safer Networking
[2011/07/29 10:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2011/07/29 08:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/29 08:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/29 08:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/28 05:53:13 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/07/27 22:56:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/27 22:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/27 15:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Application Data\Malwarebytes
[2011/07/27 15:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/27 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/27 14:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/22 19:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/22 19:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/22 13:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Start Menu\Programs\HiJackThis
[2011/07/22 13:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 10:41:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Karen\Start Menu\Programs\Administrative Tools
[2011/07/15 07:12:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Karen\PrivacIE
[2011/07/15 00:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Local Settings\Application Data\Ares
[2011/07/01 16:03:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/01 16:03:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/01 16:03:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 13:02:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\MBR.dat
[2011/07/31 12:57:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/31 12:23:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
[2011/07/31 10:57:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 09:19:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 09:18:59 | 1063,297,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 07:20:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 06:42:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
[2011/07/31 02:23:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
[2011/07/31 02:16:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/30 21:41:20 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/30 21:41:19 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/30 21:04:11 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/30 20:24:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/30 19:19:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/30 19:19:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/30 18:56:40 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/30 14:00:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/30 07:14:48 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/07/30 07:14:48 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Auslogics BoostSpeed.lnk
[2011/07/30 06:53:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/30 06:49:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 21:34:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/29 10:16:04 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2011/07/29 08:27:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/29 08:27:38 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Spybot - Search & Destroy.lnk
[2011/07/29 08:17:48 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/07/28 15:36:22 | 000,000,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 16:15:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\settings.dat
[2011/07/27 15:36:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mb.exe.lnk
[2011/07/27 14:50:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\defogger_reenable
[2011/07/27 14:38:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/15 11:50:11 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Karen\My Documents\spider.sav
[2011/07/12 17:58:14 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/12 17:58:12 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Google Chrome.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 13:02:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\MBR.dat
[2011/07/31 07:20:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 19:43:32 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/30 19:19:39 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/30 14:00:22 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/30 07:16:58 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
[2011/07/30 07:14:48 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/07/30 07:14:47 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\Auslogics BoostSpeed.lnk
[2011/07/29 12:21:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/29 12:21:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/29 12:21:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/29 12:21:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/29 12:21:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/29 09:36:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/29 08:27:38 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/29 08:27:38 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\Spybot - Search & Destroy.lnk
[2011/07/27 22:56:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/27 22:56:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/27 16:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Karen\settings.dat
[2011/07/27 15:36:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mb.exe.lnk
[2011/07/27 14:50:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Karen\defogger_reenable
[2011/07/15 10:51:19 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Karen\My Documents\spider.sav
[2011/06/07 11:18:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:32:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/12 01:11:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 19:06:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/01 18:55:51 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/06/01 18:40:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/06/01 18:40:25 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/06/01 18:40:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/06/01 18:39:53 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/06/01 18:13:25 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/01 18:13:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/06/01 18:13:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/01 18:13:23 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/06/01 18:11:11 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

#4
Karebony

Oops, I forgot to mark All for the registry so I only got one log. I ran OTL again and this is what I got:


OTL logfile created on: 8/1/2011 10:29:18 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Karen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 513.52 Mb Available Physical Memory | 50.64% Memory free
2.38 Gb Paging File | 1.89 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.77 Gb Total Space | 86.20 Gb Free Space | 81.50% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DGR6LDG1 | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 09:08:28 | 001,586,992 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Karen\Local Settings\temp\G2_438\g2viewer.exe
PRC - [2011/07/28 20:33:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\Downloads\OTL.exe
PRC - [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/04 10:43:01 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Karen\gotomypc_438.exe
PRC - [2010/07/26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 18:04:54 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/12/21 08:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/07/27 14:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2006/11/02 12:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 20:33:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\Downloads\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PavPrSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/06/01 18:59:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/03/30 18:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/11 11:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 16:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 16:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 16:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 12:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 12:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/23 16:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/10 13:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 12:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 12:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 12:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 10:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/04 16:02:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/28 15:36:22 | 000,000,735 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] https in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 09:13:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Karen\Recent
[2011/07/31 13:15:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/31 09:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\ABP Support
[2011/07/31 08:49:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/31 08:26:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/31 07:20:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 07:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 07:20:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 07:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 19:53:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/30 19:19:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/30 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/30 19:19:38 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/30 19:19:33 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/30 19:19:33 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/30 19:19:32 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/30 19:19:31 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/30 19:19:31 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/30 19:19:30 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/30 19:18:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/30 19:18:02 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/30 19:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/30 19:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/30 18:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/07/30 15:11:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/07/30 15:11:34 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/07/30 15:10:43 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/07/30 15:08:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/07/30 15:07:26 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/30 15:07:11 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/30 15:04:04 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/07/30 15:02:24 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/07/30 15:02:22 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/07/30 15:02:17 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/07/30 15:02:15 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/07/30 15:01:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/30 15:01:19 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/07/30 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/30 13:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/30 07:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/07/30 07:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/07/30 06:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/29 23:11:47 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/07/29 23:10:11 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/07/29 23:08:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/07/29 23:08:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/07/29 23:06:55 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/07/29 23:03:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/07/29 22:25:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/29 22:25:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/29 22:25:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/29 22:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/29 21:38:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/07/29 21:20:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/29 21:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/07/29 13:05:14 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/07/29 12:21:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/29 12:21:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/29 12:21:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/29 12:21:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/29 10:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Application Data\Safer Networking
[2011/07/29 10:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2011/07/29 08:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/29 08:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/29 08:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/28 05:53:13 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/07/27 22:56:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/27 22:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/27 15:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Application Data\Malwarebytes
[2011/07/27 15:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/27 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/27 14:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/22 19:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/22 19:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/22 13:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Start Menu\Programs\HiJackThis
[2011/07/22 13:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 10:41:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Karen\Start Menu\Programs\Administrative Tools
[2011/07/15 07:12:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Karen\PrivacIE
[2011/07/15 00:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen\Local Settings\Application Data\Ares
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 10:23:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
[2011/08/01 09:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 07:42:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 07:42:30 | 1063,297,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 13:02:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\MBR.dat
[2011/07/31 10:57:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 07:20:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 06:42:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
[2011/07/31 02:23:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
[2011/07/31 02:16:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/30 21:41:20 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/30 21:41:19 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/30 21:04:11 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/30 19:19:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/30 19:19:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/30 18:56:40 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/30 14:00:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/30 07:14:48 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/07/30 07:14:48 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Auslogics BoostSpeed.lnk
[2011/07/30 06:53:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/30 06:49:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 21:34:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/29 10:16:04 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2011/07/29 08:27:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/29 08:27:38 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Spybot - Search & Destroy.lnk
[2011/07/29 08:17:48 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/07/28 15:36:22 | 000,000,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 16:15:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\settings.dat
[2011/07/27 15:36:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mb.exe.lnk
[2011/07/27 14:50:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\defogger_reenable
[2011/07/27 14:38:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/15 11:50:11 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Karen\My Documents\spider.sav
[2011/07/12 17:58:14 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/12 17:58:12 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Google Chrome.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 13:02:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\MBR.dat
[2011/07/31 07:20:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 19:19:39 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/30 14:00:22 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/30 07:16:58 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
[2011/07/30 07:14:48 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/07/30 07:14:47 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\Auslogics BoostSpeed.lnk
[2011/07/29 12:21:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/29 12:21:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/29 12:21:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/29 12:21:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/29 12:21:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/29 09:36:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
[2011/07/29 08:27:38 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/29 08:27:38 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\Spybot - Search & Destroy.lnk
[2011/07/27 22:56:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/27 22:56:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/27 16:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Karen\settings.dat
[2011/07/27 15:36:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mb.exe.lnk
[2011/07/27 14:50:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Karen\defogger_reenable
[2011/07/15 10:51:19 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Karen\My Documents\spider.sav
[2011/06/07 11:18:49 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:32:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/12 01:11:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 19:06:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/01 18:55:51 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/06/01 18:40:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/06/01 18:40:25 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/06/01 18:40:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/06/01 18:39:53 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/06/01 18:13:25 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/01 18:13:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/06/01 18:13:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/01 18:13:23 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/06/01 18:11:11 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >



OTL Extras logfile created on: 8/1/2011 10:29:18 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Karen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 513.52 Mb Available Physical Memory | 50.64% Memory free
2.38 Gb Paging File | 1.89 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.77 Gb Total Space | 86.20 Gb Free Space | 81.50% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DGR6LDG1 | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"BN_DesktopReader" = NOOK for PC
"Brainfuse Participant QuickConnect" = Brainfuse Participant QuickConnect
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"SynTPDeinstKey" = Dell Touchpad
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2011 4:54:54 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 5:59:15 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:04:28 AM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:05:51 AM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 5:56:36 PM | Computer Name = DGR6LDG1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/27/2011 6:14:34 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 10:02:36 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 10:53:06 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 10:53:18 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 10:54:19 PM | Computer Name = DGR6LDG1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/31/2011 5:17:51 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Driver service failed to start due to
the following error: %%2

Error - 7/31/2011 5:17:52 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 7/31/2011 5:18:08 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ShldDrv

Error - 7/31/2011 12:22:05 PM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Driver service failed to start due to
the following error: %%2

Error - 7/31/2011 12:22:05 PM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 7/31/2011 12:22:06 PM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ShldDrv

Error - 7/31/2011 12:34:27 PM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/1/2011 10:46:13 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Driver service failed to start due to
the following error: %%2

Error - 8/1/2011 10:46:13 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 8/1/2011 10:46:14 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ShldDrv


< End of report >
  • 0
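One way to triage an OTL log like the one above before writing a fix script, as an added example that is not part of this thread and not OTL's own code. It flags recently created system-folder binaries with no company name, alternate data streams, a disabled firewall profile and service start failures. The function name `triage`, the finding labels and the 30-day window are assumptions; the sample lines are a short excerpt copied from the log above, and each flag is a lead to review, not a verdict.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime, timedelta

# Short excerpt copied from the OTL log posted above, in its original order.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2011/07/31 13:02:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\MBR.dat
[2011/07/29 12:21:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/29 12:21:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/06/01 18:40:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

OTL Extras logfile created on: 8/1/2011 10:29:18 AM - Run 3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[ System Events ]
Error - 7/31/2011 5:17:51 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Driver service failed to start due to
the following error: %%2

Error - 8/1/2011 10:46:13 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Driver service failed to start due to
the following error: %%2
"""

HEADER_RE = re.compile(r"logfile created on: (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)")
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| [\w-]{4} \| ([CM])\] \((.*?)\) -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')
EVENT_RE = re.compile(r"^Error - .+? \| Source = (.+?) \| ID = (\d+)$")
SERVICE_RE = re.compile(r"The (.+?) service failed to start")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers"}


def triage(log_text, days=30):
    """Return a list of finding tuples for an OTL log given as one string."""
    header = HEADER_RE.search(log_text)
    if not header:
        raise ValueError("no 'logfile created on:' header found")
    scan_time = datetime.strptime(header.group(1), "%m/%d/%Y %I:%M:%S %p")
    cutoff = scan_time - timedelta(days=days)

    findings, failures = [], Counter()
    reg_key = ""   # last registry key header seen
    event = None   # description lines of the ID 7000 event being read
    # The trailing "" closes an event that ends at end of input.
    for line in log_text.splitlines() + [""]:
        line = line.strip()
        if event is not None:
            if line:                      # event text wraps over several lines
                event.append(line)
                continue
            svc = SERVICE_RE.search(" ".join(event))
            if svc:
                failures[svc.group(1)] += 1
            event = None
            continue
        if m := FILE_RE.match(line):
            stamp, kind, company, path = m.groups()
            created = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
            # Recently created executable code in a system folder, no company name.
            if (kind == "C" and not company and created >= cutoff
                    and ntpath.splitext(path)[1].lower() in EXEC_EXT
                    and ntpath.dirname(path).lower() in SYSTEM_DIRS):
                findings.append(("no_company_system_binary", path))
        elif m := ADS_RE.match(line):
            path, _, stream = m.group(2).rpartition(":")
            findings.append(("alternate_data_stream", path, stream, int(m.group(1))))
        elif m := KEY_RE.match(line):
            reg_key = m.group(1)
        elif m := VALUE_RE.match(line):
            name, value = m.groups()
            if (name == "EnableFirewall" and value == "0"
                    and reg_key.endswith(r"FirewallPolicy\StandardProfile")):
                findings.append(("firewall_disabled", reg_key))
        elif m := EVENT_RE.match(line):
            if m.groups() == ("Service Control Manager", "7000"):
                event = []
    findings += [("service_start_failure", name, n) for name, n in failures.items()]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
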

#5
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Let's turn off hibernation. That should clean out the c:\hiberfil.sys file (which is enormous, so no wonder Avast can't put it in its chest).

Open the Windows Control Panel
Double-click Power Options
Click the Hibernate tab, de-select the 'Enable hibernate support' check box, and then click Apply.
Restart your computer and hiberfil.sys should be automatically deleted (this is not always the case - simply delete it if Windows didn't do it for you).
If you change your mind in the future and would like to use hibernation, go back to the Hibernate tab as described in the first three steps and check the box 'enable hibernation'.


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f

That should take care of the other item that Avast couldn't remove.

Also let's clear the Java cache since it found some stuff there:
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall:
Java™ 6 Update 5
Auslogics BoostSpeed
Spybot - Search & Destroy

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
SRV - File not found [Disabled | Stopped] -- -- (PavPrSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found


:files
sc config PavPrSrv start= disabled /c
sc config HidServ start= disabled /c
sc config AppMgmt start= disabled /c
    
:Commands
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered. OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

How long is it taking to reboot now?

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it. Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. Wait a minute for things to settle a bit then: File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#6
Karebony

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Rob,

When I did that the computer took 10 minutes to boot. It still takes a long time when I try to open the browser and I'm still having problems for work (it's kind of like call center work where I get a prompt on the computer, my phone rings and I'm supposed to get a screen to fill out).

OTL Log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Service PavPrSrv stopped successfully!
Service PavPrSrv deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
========== FILES ==========
< sc config PavPrSrv start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Karen\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Karen\My Documents\Downloads\cmd.txt deleted successfully.
< sc config HidServ start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Karen\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Karen\My Documents\Downloads\cmd.txt deleted successfully.
< sc config AppMgmt start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Karen\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Karen\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08022011_080949

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Procexp Log:

Process PID CPU Private Bytes Working Set Description Company Name
AcroRd32.exe 2540 54,708 K 42,152 K Adobe Reader 8.1 Adobe Systems Incorporated
AdobeUpdater.exe 1352 1,904 K 5,960 K Adobe Updater Adobe Systems Incorporated
alg.exe 3980 1,452 K 3,116 K Application Layer Gateway Service Microsoft Corporation
AvastSvc.exe 2004 13,988 K 7,888 K avast! Service AVAST Software
AvastUI.exe 2512 6,204 K 1,936 K avast! Antivirus AVAST Software
BCMWLTRY.EXE 1840 4,032 K 4,828 K Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
BJMYPRT.EXE 684 1,072 K 2,376 K Canon My Printer CANON INC.
chrome.exe 3200 13,860 K 14,884 K Google Chrome Google Inc.
chrome.exe 1952 15,292 K 17,320 K Google Chrome Google Inc.
chrome.exe 2716 76,076 K 83,536 K Google Chrome Google Inc.
csrss.exe 900 1,788 K 5,064 K Client Server Runtime Process Microsoft Corporation
ctfmon.exe 2696 1,212 K 3,508 K CTF Loader Microsoft Corporation
DellWMgr.exe 2484 6,440 K 4,812 K Dell Webcam Manager Application Creative Technology Ltd.
explorer.exe 248 11,876 K 13,688 K Windows Explorer Microsoft Corporation
g2viewer.exe 3880 19,780 K 21,008 K GoToMyPC Viewer Citrix Online, a division of Citrix Systems, Inc.
gotomypc_438.exe 3896 2,148 K 2,192 K GoLoader Citrix Online, a division of Citrix Systems, Inc.
hkcmd.exe 2500 1,216 K 3,076 K hkcmd Module Intel Corporation
jqs.exe 1944 2,356 K 1,840 K Java™ Quick Starter Service Sun Microsystems, Inc.
KADxMain.exe 1556 2,852 K 3,724 K IntelliSonic Systray Control (KADxMain) Knowles Acoustics
lsass.exe 988 4,176 K 5,296 K LSA Shell (Export Version) Microsoft Corporation
notepad.exe 524 3,724 K 1,028 K Notepad Microsoft Corporation
PCMService.exe 880 5,816 K 9,328 K CyberLink PowerCinema Resident Program CyberLink Corp.
services.exe 976 1,984 K 3,308 K Services and Controller app Microsoft Corporation
smss.exe 824 176 K 336 K Windows NT Session Manager Microsoft Corporation
sndvol32.exe 960 2,360 K 4,460 K Volume Control Microsoft Corporation
spoolsv.exe 1592 3,880 K 4,960 K Spooler SubSystem App Microsoft Corporation
stsystra.exe 2032 4,936 K 4,964 K Sigmatel Audio system tray application SigmaTel, Inc.
svchost.exe 1164 3,296 K 4,024 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1256 2,168 K 3,132 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1416 19,880 K 25,356 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1524 2,136 K 3,136 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1688 1,724 K 2,284 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1340 1,656 K 2,584 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 892 2,932 K 3,752 K Generic Host Process for Win32 Services Microsoft Corporation
SynTPEnh.exe 1356 1,632 K 3,888 K Synaptics TouchPad Enhancements Synaptics, Inc.
System 4 0 K 256 K
wdfmgr.exe 2124 1,796 K 1,316 K Windows User Mode Driver Manager Microsoft Corporation
winlogon.exe 932 7,712 K 3,620 K Windows NT Logon Application Microsoft Corporation
WLTRAY.EXE 1972 2,544 K 5,440 K Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
WLTRYSVC.EXE 1820 684 K 1,588 K
wmiprvse.exe 1612 2,620 K 5,392 K WMI Microsoft Corporation
procexp.exe 2024 2.34 11,164 K 15,908 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
chrome.exe 2964 3.13 65,068 K 72,256 K Google Chrome Google Inc.
chrome.exe 168 3.91 76,704 K 91,888 K Google Chrome Google Inc.
Interrupts n/a 3.91 0 K 0 K Hardware Interrupts and DPCs
chrome.exe 1812 35.94 21,824 K 31,000 K Google Chrome Google Inc.
System Idle Process 0 50.78 0 K 28 K

VEW 1st Log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/08/2011 4:26:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2011 3:02:15 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ShldDrv

Log: 'System' Date/Time: 02/08/2011 3:02:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Panda Process Protection Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VEW 2nd Log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/08/2011 4:29:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/08/2011 2:56:55 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user DGR6LDG1\Karen registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


Thanks again for all your assistance!

#7
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
I don't see a Combofix log. Were you not able to get it to run?

Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
In the User Profile Hive Cleanup Service installation wizard, click Next.
In the License Agreement page, read the license agreement, select I Agree, and then click Next.
In the Select Installation Folder page, click Next.
In the Confirm Installation page, click Next.
When UPHClean is installed, click Close.


Start, Run, services.msc, OK to bring up the services window. Find the Panda Process Protection Driver service and right click on it and select Properties. Change the Startup Type to Disabled and Apply. Do you get an error? Close the window.

Right click on My Computer and select Manage then Device Manager. View, Show Hidden Devices, then look in the non-plug and play section for ShldDrv. IF you find it, right click on it and Disable or uninstall. (IF you found it, reboot.)

In Chrome, Tools, Extensions. Check the box that says Disable under each extension. Close Chrome and reopen it.

Run Process Explorer again. Please just have one instance of Chrome running and point it to www.google.com. Wait 60 seconds for things to settle down and then save the log file again (overwrite the old one). Copy and Paste the result into a reply.

Is this a laptop by any chance? If so remove the main battery then run Process Explorer again and post that log too.

Start, Run, msconfig, OK. Click on Diagnostic Boot and Apply and reboot. How long does it take to boot now?

When msconfig comes up click on normal boot and apply and reboot.

#8
Karebony

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oops, sorry about that! Here is the combofix log of 7-31-11:


ComboFix 11-07-31.03 - Karen 07/31/2011 9:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.643 [GMT -7:00]
Running from: c:\documents and settings\Karen\My Documents\Downloads\863371-ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 16:27 . 2011-07-31 16:28 -------- d-----w- c:\program files\ABP Support
2011-07-31 15:26 . 2011-07-31 16:28 -------- d-----w- C:\ComboFix
2011-07-31 14:20 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:20 . 2011-07-31 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:20 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 02:19 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-31 02:19 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-31 02:19 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-31 02:19 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-31 02:19 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-31 02:19 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-31 02:19 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-31 02:19 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-31 02:18 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-31 02:18 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-31 02:16 . 2011-07-31 02:16 -------- d-----w- c:\program files\AVAST Software
2011-07-31 02:16 . 2011-07-31 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-31 01:55 . 2011-07-31 01:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-30 22:11 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-30 22:11 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-30 22:10 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-30 22:08 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-30 22:07 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-30 22:07 . 2011-04-29 16:19 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-30 22:04 . 2011-05-02 15:31 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2011-07-30 22:02 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-07-30 22:02 . 2010-12-09 13:42 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-30 22:02 . 2010-12-09 13:38 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-30 22:02 . 2010-12-09 13:07 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-30 22:02 . 2010-12-09 13:07 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-30 22:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-30 22:01 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-30 22:01 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-30 20:59 . 2011-07-30 21:00 -------- d-----w- c:\program files\CCleaner
2011-07-30 14:13 . 2011-07-30 14:13 -------- d-----w- c:\program files\Auslogics
2011-07-30 06:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-07-30 06:10 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-30 06:08 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-30 06:08 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-30 06:08 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-30 06:08 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-30 06:08 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-30 06:08 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-30 06:08 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-30 06:08 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-30 06:08 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-30 06:06 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-07-30 06:03 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-07-30 06:02 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\scripting
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\l2schemas
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\en
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\bits
2011-07-30 04:20 . 2011-07-30 04:20 -------- d-----w- c:\windows\EHome
2011-07-29 20:05 . 2011-07-29 20:05 -------- d-----w- C:\VundoFix Backups
2011-07-29 19:06 . 2005-04-04 06:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-29 19:06 . 2005-04-04 06:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-29 19:06 . 2005-04-04 06:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-29 19:06 . 2005-04-04 05:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-29 19:06 . 2005-04-04 06:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-29 19:06 . 2011-07-29 19:06 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-29 19:06 . 2011-07-29 19:06 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-29 17:46 . 2011-07-29 17:46 -------- d-----w- c:\documents and settings\Karen\Application Data\Safer Networking
2011-07-29 17:09 . 2011-07-29 18:24 -------- d-----w- c:\program files\Safer Networking
2011-07-29 15:26 . 2011-07-31 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-29 15:26 . 2011-07-29 17:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-28 12:53 . 2011-07-29 14:21 -------- d-----w- C:\MGtools
2011-07-27 22:37 . 2011-07-27 22:37 -------- d-----w- c:\documents and settings\Karen\Application Data\Malwarebytes
2011-07-27 22:36 . 2011-07-27 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-27 22:03 . 2011-07-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-23 02:44 . 2011-07-23 02:44 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-22 20:46 . 2011-07-22 20:46 388096 ----a-r- c:\documents and settings\Karen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 20:46 . 2011-07-22 20:46 -------- d-----w- c:\program files\Trend Micro
2011-07-15 14:12 . 2011-07-15 14:12 -------- d-sh--w- c:\documents and settings\Karen\PrivacIE
2011-07-15 07:49 . 2011-07-15 07:50 -------- d-----w- c:\documents and settings\Karen\Local Settings\Application Data\Ares
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 11:52 . 2011-01-12 06:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2008-06-02 01:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-02 01:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/30/2011 7:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/30/2011 7:19 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/30/2011 7:19 PM 19544]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 1:32 PM 135664]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 1:32 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-07-30 18:06]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:32]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 20:32]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
- c:\documents and settings\Karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-12 06:25]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
- c:\documents and settings\Karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-12 06:25]
.
2011-07-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]
.
2011-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: brainfuse.com\admin
Trusted Zone: brainfuse.com\www
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NortonUpdateAgent - c:\documents and settings\All Users\Application Data\Norton\NUA.exe
Notify-!SASWinLogon - (no file)
AddRemove-FX - PDF Reader - c:\progra~1\PDFREA~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 09:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-07-31 09:52:33
ComboFix-quarantined-files.txt 2011-07-31 16:52
ComboFix2.txt 2011-07-29 19:40
.
Pre-Run: 92,151,652,352 bytes free
Post-Run: 92,260,270,080 bytes free
.
- - End Of File - - 790196090C9D52A88A6EFF4F662C87D8

#9
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Uninstall
Spybot - Search & Destroy
It may interfere with the fixes. You can reinstall it when it's clean.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\DRIVERS\ShlDrv51.sys
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\DRIVERS\PavProc.sys
c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys
c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job

Driver::
ShldDrv
gupdate
PavProc
EraserUtilDrv11113

Folder::
c:\program files\Common Files\Symantec Shared


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
  • 0
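The driver entries that ComboFix marked `[?]` are the same leftovers the Service Control Manager keeps reporting as 7000/7026 errors at boot. The following Python script is an added example, not part of the thread and not code from ComboFix or OTL; it cross-references the two log formats to list service entries whose image file is missing. The function names are hypothetical, the sample lines are copied from the logs above, and reading `R`/`S` as running/stopped with the digit as the start type is an assumption about the ComboFix line format.

```python
import re

# Constructed sample input: lines copied from the ComboFix and OTL logs in this thread.
COMBOFIX_SERVICES = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/30/2011 7:19 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/30/2011 7:19 PM 19544]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 1:32 PM 135664]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [?]
"""

SCM_EVENTS = """
Error - 8/1/2011 10:46:13 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Driver service failed to start due to
the following error: %%2

Error - 8/1/2011 10:46:13 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 8/1/2011 10:46:14 AM | Computer Name = DGR6LDG1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ShldDrv
"""

# Assumption: the digit after R/S is the service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
# OTL prints unresolved Win32 error codes as %%N.
WIN32 = {"%%2": "ERROR_FILE_NOT_FOUND (2)", "%%3": "ERROR_PATH_NOT_FOUND (3)"}

SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
E7000_RE = re.compile(r"^The (.+) service failed to start due to the following error: (.+)$")
E7026_RE = re.compile(r"failed to load: (.+)$")


def parse_services(text):
    """Parse ComboFix 'state+start name;display;path [...]' lines."""
    services = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        # Drop the trailing "[date size]" or "[?]" and keep the resolved path.
        path = rest.rsplit(" [", 1)[0].split(" --> ")[-1]
        if path.startswith("\\??\\"):
            path = path[4:]
        services.append({
            "name": name, "display": display, "running": state == "R",
            "start": START_TYPES[int(start)], "path": path,
            "missing": rest.endswith("[?]"),  # ComboFix could not stat the file
        })
    return services


def parse_events(text):
    """Return (event_id, description) pairs, re-joining wrapped descriptions."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = re.search(r"ID = (\d+)\s*\nDescription = (.*)", block, re.S)
        if m:
            events.append((int(m.group(1)), " ".join(m.group(2).split())))
    return events


def find_orphans(service_text, event_text):
    """List services with a missing image file plus the SCM errors that name them."""
    failures = {}  # lower-cased service or display name -> list of reasons
    for event_id, desc in parse_events(event_text):
        if event_id == 7000 and (m := E7000_RE.match(desc)):
            reason = WIN32.get(m.group(2), m.group(2))
            failures.setdefault(m.group(1).lower(), []).append(reason)
        elif event_id == 7026 and (m := E7026_RE.search(desc)):
            for name in m.group(1).split():
                failures.setdefault(name.lower(), []).append("driver failed to load")

    orphans, matched = [], set()
    for svc in parse_services(service_text):
        keys = {svc["name"].lower(), svc["display"].lower()}
        matched |= keys & failures.keys()
        if svc["missing"]:
            reasons = [r for k in sorted(keys) for r in failures.get(k, [])]
            orphans.append({**svc, "event_reasons": reasons})
    # Failures naming something absent from the driver list need a separate look.
    unmatched = sorted(set(failures) - matched)
    return orphans, unmatched


if __name__ == "__main__":
    found, leftover = find_orphans(COMBOFIX_SERVICES, SCM_EVENTS)
    for svc in found:
        print(f"{svc['name']:<20} start={svc['start']:<7} {svc['path']}")
        print(f"{'':<20} events: {svc['event_reasons'] or 'none logged'}")
    print("Failures with no matching driver entry:", leftover)
```

Entries with a boot, system or auto start type and a missing file are the ones that generate an error at every boot; the unmatched list shows failures such as the Panda Process Protection Service that have to be traced in the service list instead.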

#10
Karebony

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Rob,

I tried to follow your instructions, but when I tried to find the Panda process protection driver service, it was not listed. I did a search under start, search for panda and I deleted what came up. I also did that for spybot b/c I had already deleted it from the program files the last time.

I also did not find the Shld Drv.

This is the Procexp log:


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 97.66 0 K 28 K
procexp.exe 2112 1.56 10,572 K 15,260 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 3048 2,620 K 5,396 K WMI Microsoft Corporation
WLTRYSVC.EXE 1852 684 K 2,072 K
WLTRAY.EXE 636 2,548 K 7,328 K Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
winlogon.exe 956 6,540 K 2,372 K Windows NT Logon Application Microsoft Corporation
wdfmgr.exe 2904 1,796 K 2,248 K Windows User Mode Driver Manager Microsoft Corporation
uphclean.exe 3108 796 K 1,672 K User Profile Hive Cleanup Service Windows ® Codename Longhorn DDK provider
System 4 0 K 256 K
SynTPEnh.exe 544 1,664 K 5,624 K Synaptics TouchPad Enhancements Synaptics, Inc.
svchost.exe 1288 2,144 K 4,824 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1188 3,320 K 5,384 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1432 20,120 K 30,880 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1540 2,248 K 4,744 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1704 1,748 K 4,300 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2640 1,656 K 4,312 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2864 2,960 K 5,208 K Generic Host Process for Win32 Services Microsoft Corporation
stsystra.exe 512 3,776 K 8,396 K Sigmatel Audio system tray application SigmaTel, Inc.
spoolsv.exe 2076 3,876 K 6,240 K Spooler SubSystem App Microsoft Corporation
smss.exe 844 176 K 432 K Windows NT Session Manager Microsoft Corporation
services.exe 1000 2,080 K 4,024 K Services and Controller app Microsoft Corporation
PCMService.exe 792 8,448 K 13,572 K CyberLink PowerCinema Resident Program CyberLink Corp.
lsass.exe 1012 4,172 K 2,328 K LSA Shell (Export Version) Microsoft Corporation
KADxMain.exe 608 1,252 K 3,876 K IntelliSonic Systray Control (KADxMain) Knowles Acoustics
jqs.exe 2728 2,356 K 1,428 K Java™ Quick Starter Service Sun Microsystems, Inc.
hkcmd.exe 892 1,220 K 4,000 K hkcmd Module Intel Corporation
explorer.exe 132 17,256 K 11,372 K Windows Explorer Microsoft Corporation
DellWMgr.exe 884 6,356 K 8,840 K Dell Webcam Manager Application Creative Technology Ltd.
ctfmon.exe 1124 1,208 K 4,184 K CTF Loader Microsoft Corporation
csrss.exe 924 1,732 K 4,096 K Client Server Runtime Process Microsoft Corporation
chrome.exe 2028 66,280 K 89,016 K Google Chrome Google Inc.
chrome.exe 1876 14,452 K 36,024 K Google Chrome Google Inc.
BJMYPRT.EXE 700 1,072 K 3,192 K Canon My Printer CANON INC.
BCMWLTRY.EXE 1864 4,056 K 8,632 K Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
AvastUI.exe 912 14,700 K 16,004 K avast! Antivirus AVAST Software
AvastSvc.exe 1912 17,252 K 4,728 K avast! Service AVAST Software
alg.exe 2416 1,468 K 4,040 K Application Layer Gateway Service Microsoft Corporation

This is the log after removing the battery:

Process PID CPU Private Bytes Working Set Description Company Name
chrome.exe 2028 66,684 K 89,512 K Google Chrome Google Inc.
svchost.exe 1432 20,128 K 30,812 K Generic Host Process for Win32 Services Microsoft Corporation
explorer.exe 132 17,372 K 12,724 K Windows Explorer Microsoft Corporation
AvastSvc.exe 1912 16,984 K 1,256 K avast! Service AVAST Software
AvastUI.exe 912 14,700 K 16,004 K avast! Antivirus AVAST Software
chrome.exe 976 14,444 K 35,972 K Google Chrome Google Inc.
procexp.exe 2776 1.54 10,528 K 15,080 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PCMService.exe 792 8,512 K 13,636 K CyberLink PowerCinema Resident Program CyberLink Corp.
chrome.exe 3892 7,336 K 23,032 K Google Chrome Google Inc.
winlogon.exe 956 6,540 K 1,364 K Windows NT Logon Application Microsoft Corporation
DellWMgr.exe 884 6,356 K 8,840 K Dell Webcam Manager Application Creative Technology Ltd.
lsass.exe 1012 4,260 K 2,420 K LSA Shell (Export Version) Microsoft Corporation
BCMWLTRY.EXE 1864 4,056 K 8,640 K Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
spoolsv.exe 2076 3,876 K 6,240 K Spooler SubSystem App Microsoft Corporation
stsystra.exe 512 3,776 K 8,396 K Sigmatel Audio system tray application SigmaTel, Inc.
svchost.exe 1188 3,364 K 5,404 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2864 3,036 K 5,248 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 244 2,700 K 5,376 K WMI Microsoft Corporation
WLTRAY.EXE 636 2,552 K 7,356 K Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
jqs.exe 2728 2,356 K 1,452 K Java™ Quick Starter Service Sun Microsystems, Inc.
svchost.exe 1540 2,296 K 4,768 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1288 2,144 K 4,840 K Generic Host Process for Win32 Services Microsoft Corporation
services.exe 1000 2,080 K 4,020 K Services and Controller app Microsoft Corporation
wdfmgr.exe 2904 1,796 K 2,248 K Windows User Mode Driver Manager Microsoft Corporation
svchost.exe 1704 1,748 K 4,300 K Generic Host Process for Win32 Services Microsoft Corporation
csrss.exe 924 1,732 K 4,196 K Client Server Runtime Process Microsoft Corporation
SynTPEnh.exe 544 1,664 K 5,632 K Synaptics TouchPad Enhancements Synaptics, Inc.
svchost.exe 2640 1,656 K 4,316 K Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2416 1,468 K 4,040 K Application Layer Gateway Service Microsoft Corporation
KADxMain.exe 608 1,252 K 3,876 K IntelliSonic Systray Control (KADxMain) Knowles Acoustics
hkcmd.exe 892 1,220 K 4,000 K hkcmd Module Intel Corporation
ctfmon.exe 1124 1,208 K 4,204 K CTF Loader Microsoft Corporation
BJMYPRT.EXE 700 1,072 K 3,192 K Canon My Printer CANON INC.
uphclean.exe 3108 796 K 1,672 K User Profile Hive Cleanup Service Windows ® Codename Longhorn DDK provider
WLTRYSVC.EXE 1852 684 K 2,072 K
smss.exe 844 176 K 432 K Windows NT Session Manager Microsoft Corporation
System Idle Process 0 83.08 0 K 28 K
System 4 0 K 256 K
Interrupts n/a 15.38 0 K 0 K Hardware Interrupts and DPCs

When I tried to make the changes to run the diagnostic boot, I kept getting an error message: "An access denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes." It then let me do the diagnostic reboot with "some changes" made. This took 4 minutes, though it is taking 10 minutes and a while to get the web browser started.

This is the combofix log:


ComboFix 11-08-09.02 - Karen 08/09/2011 11:04:25.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.662 [GMT -7:00]
Running from: c:\documents and settings\Karen\My Documents\Downloads\863371-ComboFix.exe
Command switches used :: c:\documents and settings\Karen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys"
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\system32\DRIVERS\PavProc.sys"
"c:\windows\system32\DRIVERS\ShlDrv51.sys"
"c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Karen Logon.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Karen\Desktop\Improve Your PC.lnk
c:\program files\Common Files\Symantec Shared
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169294577-1357389737-788227818-1006UA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ERASERUTILDRV11113
-------\Legacy_GUPDATE
-------\Legacy_PAVPROC
-------\Legacy_SHLDDRV
-------\Service_EraserUtilDrv11113
-------\Service_gupdate
-------\Service_PavProc
-------\Service_ShldDrv
-------\Legacy_gupdatem
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-05 18:25 . 2011-08-05 18:27 -------- d-----w- c:\documents and settings\Karen\Application Data\Canon
2011-08-05 18:24 . 2011-08-05 18:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
2011-08-05 18:24 . 2011-08-05 18:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
2011-08-05 05:19 . 2011-08-05 05:19 -------- d-sh--w- c:\documents and settings\Karen\IECompatCache
2011-08-05 00:37 . 2011-08-08 01:25 -------- d-----w- c:\program files\UPHClean
2011-08-02 15:09 . 2011-08-02 15:09 -------- d-----w- C:\_OTL
2011-07-31 16:27 . 2011-07-31 16:28 -------- d-----w- c:\program files\ABP Support
2011-07-31 15:26 . 2011-07-31 16:28 -------- d-----w- C:\ComboFix
2011-07-31 14:20 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:20 . 2011-07-31 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:20 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 02:19 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-31 02:19 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-31 02:19 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-31 02:19 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-31 02:19 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-31 02:19 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-31 02:19 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-31 02:19 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-31 02:18 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-31 02:18 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-31 02:16 . 2011-07-31 02:16 -------- d-----w- c:\program files\AVAST Software
2011-07-31 02:16 . 2011-07-31 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-30 22:11 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-30 22:11 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-30 22:10 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-30 22:08 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-30 22:07 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-30 22:07 . 2011-04-29 16:19 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-30 22:04 . 2011-05-02 15:31 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2011-07-30 22:02 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-07-30 22:02 . 2010-12-09 13:42 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-30 22:02 . 2010-12-09 13:38 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-30 22:02 . 2010-12-09 13:07 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-30 22:02 . 2010-12-09 13:07 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-30 22:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-30 22:01 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-30 22:01 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-30 20:59 . 2011-07-30 21:00 -------- d-----w- c:\program files\CCleaner
2011-07-30 06:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-07-30 06:10 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-30 06:08 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-30 06:08 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-30 06:08 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-30 06:08 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-30 06:08 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-30 06:08 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-30 06:08 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-30 06:08 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-30 06:08 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-30 06:06 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-07-30 06:03 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-07-30 06:02 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\scripting
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\l2schemas
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\en
2011-07-30 05:25 . 2011-07-30 05:25 -------- d-----w- c:\windows\system32\bits
2011-07-30 04:20 . 2011-07-30 04:20 -------- d-----w- c:\windows\EHome
2011-07-29 20:05 . 2011-07-29 20:05 -------- d-----w- C:\VundoFix Backups
2011-07-29 19:06 . 2005-04-04 06:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-29 19:06 . 2005-04-04 06:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-29 19:06 . 2005-04-04 06:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-29 19:06 . 2005-04-04 05:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-29 19:06 . 2005-04-04 06:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-29 19:06 . 2011-07-29 19:06 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-29 19:06 . 2011-07-29 19:06 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-29 17:46 . 2011-07-29 17:46 -------- d-----w- c:\documents and settings\Karen\Application Data\Safer Networking
2011-07-29 17:09 . 2011-07-29 18:24 -------- d-----w- c:\program files\Safer Networking
2011-07-29 15:26 . 2011-08-02 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-28 12:53 . 2011-07-29 14:21 -------- d-----w- C:\MGtools
2011-07-27 22:37 . 2011-07-27 22:37 -------- d-----w- c:\documents and settings\Karen\Application Data\Malwarebytes
2011-07-27 22:36 . 2011-07-27 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-27 22:03 . 2011-07-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-23 02:44 . 2011-07-23 02:44 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-22 20:46 . 2011-07-22 20:46 388096 ----a-r- c:\documents and settings\Karen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 20:46 . 2011-07-22 20:46 -------- d-----w- c:\program files\Trend Micro
2011-07-15 14:12 . 2011-07-15 14:12 -------- d-sh--w- c:\documents and settings\Karen\PrivacIE
2011-07-15 07:49 . 2011-07-15 07:50 -------- d-----w- c:\documents and settings\Karen\Local Settings\Application Data\Ares
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_16.46.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-08-09 18:22 . 2011-08-09 18:22 16384 c:\windows\temp\Perflib_Perfdata_4d4.dat
+ 2011-08-02 07:58 . 2011-08-02 07:58 22016 c:\windows\Installer\11825d9.msi
+ 2011-08-08 01:25 . 2011-08-08 01:25 25214 c:\windows\Installer\{7D15B945-2725-4443-AB3F-D900556612FE}\_6FEFF9B68218417F98F549.exe
+ 2011-04-19 05:51 . 2011-04-19 05:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-08-07 06:28 . 2011-08-07 06:28 262144 c:\windows\system32\default_user_class.dat
+ 2011-08-02 02:42 . 2011-08-02 02:42 223744 c:\windows\Installer\293d011.msi
+ 2011-08-05 00:37 . 2011-08-05 00:37 261632 c:\windows\Installer\1bfa174.msi
+ 2011-04-19 05:51 . 2011-04-19 05:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-02 01:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/30/2011 7:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/30/2011 7:19 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/30/2011 7:19 PM 19544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: brainfuse.com\admin
Trusted Zone: brainfuse.com\www
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 11:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(424)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\UPHClean\uphclean.exe
.
**************************************************************************
.
Completion time: 2011-08-09 11:36:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 18:36
ComboFix2.txt 2011-07-31 16:52
ComboFix3.txt 2011-07-29 19:40
.
Pre-Run: 97,101,139,968 bytes free
Post-Run: 97,073,389,568 bytes free
.
- - End Of File - - E3D76A62E0B0B578BCF3BBD2ECAADC55


Thanks again!

#11
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Go back into MSCONFIG and look under Startup and under Services and see if there is something still checked.

Taking the battery out seems to have made it worse rather than better.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Attach the file to your next post.

Ron

#12
Karebony

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi Rob,

On msconfig startup and services everything that is listed has a checkmark. Should I unmark everything?

Here is the speccy log:

Summary
Operating System
MS Windows XP Home 32-bit SP3
CPU
Intel Pentium T2370 @ 1.73GHz 52 °C
Merom 65nm Technology
RAM
1.00 GB Dual-Channel DDR2 @ 266MHz (4-4-4-12)
Motherboard
Dell Inc. 0KY767 (Microprocessor) 53 °C
Graphics
Plug and Play Monitor ([email protected])
Mobile Intel® 965 Express Chipset Family
Mobile Intel® 965 Express Chipset Family
Hard Drives
117GB Western Digital WDC WD1200BEVS-75UST0 (SATA) 37 °C
Optical Drives
TSSTcorp DVD+-RW TS-L632H
Audio
SigmaTel High Definition Audio CODEC
Operating System
MS Windows XP Home 32-bit SP3
Installation Date: 11 January 2011, 22:19

Windows Security Center
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Antivirus
Antivirus Enabled
Company Name AVAST Software
Display Name avast! Antivirus
Product Version 5.0.100664499
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Portable/Laptop
Hibernation Disabled
Scheduler
8/16/2011 9:55 PM RealUpgradeScheduledTaskS-1-5-21-169294577-1357389737-788227818-1006
Disabled RealUpgradeLogonTaskS-1-5-21-169294577-1357389737-788227818-1006
Hotfixes
8/2/2011 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
7/31/2011 Update for Windows XP (KB968389)
7/31/2011 Security Update for Windows XP (KB951376)
7/31/2011 Security Update for Windows XP (KB952954)
7/31/2011 Security Update for Windows XP (KB959426)
7/31/2011 Security Update for Windows XP (KB946648)
7/31/2011 Security Update for Windows XP (KB2387149)
7/31/2011 Security Update for Windows XP (KB960859)
7/31/2011 Security Update for Windows XP (KB2479943)
7/31/2011 Security Update for Windows XP (KB2478971)
7/31/2011 Security Update for Windows XP (KB2491683)
7/31/2011 Update for Windows XP (KB2345886)
7/31/2011 Update for Windows XP (KB970430)
7/31/2011 Security Update for Windows XP (KB2296011)
7/31/2011 Security Update for Windows XP (KB2115168)
7/31/2011 Security Update for Windows XP (KB975558)
7/31/2011 Update for Windows XP (KB955759)
7/31/2011 Security Update for Windows XP (KB2378111)
7/31/2011 Security Update for Windows XP (KB974318)
7/31/2011 Update for Windows XP (KB951978)
7/31/2011 Security Update for Windows XP (KB969059)
7/31/2011 Security Update for Windows XP (KB2443105)
7/31/2011 Security Update for Windows XP (KB950974)
7/31/2011 Security Update for Windows XP (KB2481109)
7/31/2011 Security Update for Windows XP (KB975713)
7/31/2011 Security Update for Windows XP (KB2485663)
7/31/2011 Security Update for Windows XP (KB2440591)
7/31/2011 Security Update for Windows XP (KB982132)
7/31/2011 Security Update for Windows XP (KB971657)
7/31/2011 Security Update for Windows XP (KB978338)
7/31/2011 Security Update for Windows XP (KB2507938)
7/31/2011 Security Update for Windows XP (KB972270)
7/31/2011 Security Update for Windows XP (KB956744)
7/31/2011 Security Update for Windows XP (KB2476490)
7/31/2011 Security Update for Windows XP (KB956572)
7/31/2011 Security Update for Windows XP (KB2503665)
7/31/2011 Security Update for Windows XP (KB2347290)
7/31/2011 Security Update for Windows XP (KB2483185)
7/31/2011 Security Update for Windows XP (KB961501)
7/31/2011 Update for Windows XP (KB2443685)
7/31/2011 Security Update for Windows XP (KB2079403)
7/31/2011 Update for Windows XP (KB2524375)
7/31/2011 Security Update for Windows XP (KB979687)
7/31/2011 Security Update for Windows XP (KB952004)
7/31/2011 Security Update for Windows XP (KB974571)
7/31/2011 Security Update for Windows XP (KB975560)
7/31/2011 Security Update for Windows XP (KB2535512)
7/31/2011 Update for Windows XP (KB973687)
7/31/2011 Security Update for Windows XP (KB950762)
7/31/2011 Security Update for Windows XP (KB2412687)
7/31/2011 Security Update for Windows XP (KB978601)
7/31/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
7/31/2011 Security Update for Windows XP (KB980436)
7/31/2011 Security Update for Windows XP (KB2536276)
7/31/2011 Security Update for Windows XP (KB981322)
7/31/2011 Update for Windows XP (KB952287)
7/31/2011 Security Update for Windows XP (KB2507618)
7/31/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
7/31/2011 Security Update for Windows XP (KB2419632)
7/31/2011 Security Update for Windows XP (KB2508429)
7/31/2011 Security Update for Windows XP (KB974392)
7/31/2011 Update for Windows XP (KB971029)
7/31/2011 Security Update for Windows XP (KB954459)
7/31/2011 Security Update for Windows XP (KB2506212)
7/31/2011 Update for Windows XP (KB971737)
7/31/2011 Security Update for Windows XP (KB977914)
7/31/2011 Security Update for Windows XP (KB978542)
7/31/2011 Security Update for Windows XP (KB979309)
7/31/2011 Security Update for Windows XP (KB979482)
7/31/2011 Security Update for Windows XP (KB978706)
7/31/2011 Security Update for Windows XP (KB981997)
7/31/2011 Security Update for Windows XP (KB960803)
7/31/2011 Security Update for Windows XP (KB973815)
7/31/2011 Security Update for Windows XP (KB975562)
7/31/2011 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
7/31/2011 Security Update for Windows XP (KB958644)
7/31/2011 Security Update for Windows XP (KB2544893)
7/31/2011 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)
7/31/2011 Security Update for Windows XP (KB956802)
7/31/2011 Security Update for Windows XP (KB2509553)
7/31/2011 Security Update for Windows XP (KB2510531)
7/31/2011 Security Update for Windows XP (KB982665)
7/31/2011 Update for Windows XP (KB2541763)
7/31/2011 Security Update for Internet Explorer 8 for Windows XP (KB2544521)
7/31/2011 Security Update for Windows XP (KB2555917)
7/31/2011 Security Update for Windows XP (KB2478960)
7/31/2011 Security Update for Windows XP (KB2393802)
7/31/2011 Security Update for Windows XP (KB923561)
7/31/2011 Security Update for Windows XP (KB975467)
7/31/2011 Security Update for Windows XP (KB2423089)
7/31/2011 Security Update for Windows XP (KB2360937)
7/30/2011 Windows XP Service Pack 3 (KB936929)
7/13/2011 Windows Malicious Software Removal Tool - July 2011 (KB890830)
7/7/2011 Microsoft Office File Validation Add-in
6/16/2011 Security Update for Microsoft Office Excel 2007 (KB2541007)
6/16/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
6/16/2011 Update for Microsoft Office 2007 System (KB2539530)
6/16/2011 Security Update for Microsoft Silverlight (KB2512827)
6/16/2011 Security Update for the 2007 Microsoft Office System (KB2541012)
6/7/2011 Update for Windows XP (KB976662)
6/7/2011 Security Update for Windows XP (KB981332)
6/7/2011 Security Update for Jscript 5.8 for Windows XP (KB971961)
6/6/2011 Update for Windows XP (KB976662)
6/6/2011 Security Update for Windows XP (KB981332)
6/6/2011 Security Update for Jscript 5.8 for Windows XP (KB971961)
6/5/2011 Internet Explorer 8 for Windows XP
5/11/2011 Windows Malicious Software Removal Tool - May 2011 (KB890830)
5/11/2011 Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
5/11/2011 Security Update for Microsoft Office 2007 System (KB2540162)
4/28/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
4/22/2011 Update for Microsoft Silverlight (KB2526954)
4/13/2011 Security Update for Microsoft Office Excel 2007 (KB2464583)
4/13/2011 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2467175)
4/13/2011 Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
4/13/2011 Security Update for Microsoft Office 2007 System (KB2464635)
4/13/2011 Security Update for Microsoft Office 2007 System (KB2509488)
4/13/2011 Security Update for the 2007 Microsoft Office System (KB2466156)
4/13/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
4/13/2011 Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
3/27/2011 Internet Explorer 8 for Windows XP
3/10/2011 Windows Malicious Software Removal Tool - March 2011 (KB890830)
3/8/2011 Internet Explorer 8 for Windows XP
3/8/2011 Update for Microsoft Silverlight (KB2495644)
2/9/2011 Windows Malicious Software Removal Tool - February 2011 (KB890830)
1/20/2011 Windows Malicious Software Removal Tool - January 2011 (KB890830)
1/20/2011 Internet Explorer 8 for Windows XP
1/15/2011 Security Update for Microsoft Office 2007 System (KB2289158)
1/15/2011 Update for Windows XP (KB970430)
1/15/2011 Update for Microsoft Office OneNote 2007 (KB980729)
1/15/2011 Security Update for Microsoft Office Excel 2007 (KB2345035)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB2344875)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB969618)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB2345043)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB2288621)
1/15/2011 Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2413381)
1/15/2011 Security Update for Microsoft Office Word 2007 (KB2344993)
1/15/2011 Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
1/15/2011 Security Update for Microsoft Office InfoPath 2007 (KB979441)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB972581)
1/15/2011 Security Update for Microsoft Office PowerPoint 2007 (KB982158)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB976321)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB969559)
1/15/2011 Update for Windows XP (KB971737)
1/15/2011 Security Update for the 2007 Microsoft Office System (KB974234)
1/15/2011 Security Update for Microsoft Office 2007 System (KB2288931)
1/14/2011 Security Update for Windows XP (KB980218)
1/14/2011 Security Update for Windows XP (KB951376)
1/14/2011 Security Update for Windows XP (KB952954)
1/14/2011 Security Update for Windows XP (KB959426)
1/14/2011 Security Update for Windows XP (KB946648)
1/14/2011 Security Update for Windows XP (KB956803)
1/14/2011 Security Update for Windows XP (KB960859)
1/14/2011 Security Update for Windows XP (KB971468)
1/14/2011 Security Update for Windows XP (KB979683)
1/14/2011 Security Update for Windows XP (KB958869)
1/14/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 2 (KB954155)
1/14/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
1/14/2011 Security Update for Windows (KB923723)
1/14/2011 Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB973686)
1/14/2011 Security Update for Windows XP (KB980232)
1/14/2011 Security Update for Windows XP (KB981350)
1/14/2011 Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
1/14/2011 Update for Windows XP (KB955759)
1/14/2011 Security Update for Windows XP (KB974318)
1/14/2011 Security Update for Windows XP (KB969059)
1/14/2011 Security Update for Windows XP (KB2229593)
1/14/2011 PowerPoint Viewer 2007 Service Pack 2 (SP2)
1/14/2011 Security Update for Windows XP (KB950974)
1/14/2011 Security Update for Windows XP (KB978037)
1/14/2011 Security Update for Windows XP (KB975713)
1/14/2011 Security Update for Windows XP (KB971657)
1/14/2011 Security Update for Windows XP (KB978338)
1/14/2011 Security Update for Windows XP (KB960225)
1/14/2011 Security Update for the 2007 Microsoft Office System (KB951944)
1/14/2011 Security Update for Windows XP (KB972270)
1/14/2011 Security Update for Windows XP (KB974112)
1/14/2011 Security Update for Windows XP (KB956572)
1/14/2011 Security Update for Windows XP (KB956844)
1/14/2011 Security Update for Windows XP (KB961501)
1/14/2011 Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459)
1/14/2011 Security Update for Windows XP (KB975561)
1/14/2011 Security Update for Windows XP Service Pack 2 (KB952069)
1/14/2011 Security Update for Windows XP (KB973869)
1/14/2011 Microsoft Office Compatibility Pack Service Pack 2 (SP2)
1/14/2011 Security Update for Windows XP (KB975025)
1/14/2011 Security Update for Windows XP Service Pack 2 (KB973540)
1/14/2011 Security Update for Windows XP (KB952004)
1/14/2011 Security Update for Windows XP (KB974571)
1/14/2011 Security Update for Windows XP (KB975560)
1/14/2011 Security Update for Windows XP (KB973507)
1/14/2011 Update for the 2007 Microsoft Office System (KB967642)
1/14/2011 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
1/14/2011 Security Update for Windows XP (KB977816)
1/14/2011 Update for Windows XP (KB973687)
1/14/2011 Security Update for Windows XP (KB950762)
1/14/2011 Update for Windows XP (KB981793)
1/14/2011 Security Update for Windows XP (KB978601)
1/14/2011 The 2007 Microsoft Office Suite Service Pack 2 (SP2)
1/14/2011 Security Update for Windows XP (KB979559)
1/14/2011 Update for Windows XP (KB952287)
1/14/2011 Security Update for Windows XP (KB973904)
1/14/2011 Update for Windows XP (KB967715)
1/14/2011 Security Update for Windows XP (KB974392)
1/14/2011 Security Update for Windows XP (KB977914)
1/14/2011 Security Update for Windows XP (KB951748)
1/14/2011 Security Update for Jscript 5.6 for Windows XP (KB971961)
1/14/2011 Security Update for Windows XP (KB978542)
1/14/2011 Security Update for Windows XP (KB970238)
1/14/2011 Security Update for Windows XP (KB979309)
1/14/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP2 (KB978695)
1/14/2011 Security Update for Windows XP (KB979482)
1/14/2011 Security Update for Windows XP (KB978706)
1/14/2011 Security Update for Windows XP (KB958470)
1/14/2011 Security Update for Windows XP (KB960803)
1/14/2011 Security Update for Windows XP (KB973815)
1/14/2011 Security Update for Windows XP (KB975562)
1/14/2011 Security Update for Windows XP (KB958644)
1/14/2011 Security Update for Windows XP (KB955069)
1/14/2011 Security Update for Windows XP (KB956802)
1/14/2011 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB982381)
1/14/2011 Security Update for Windows XP (KB944338)
1/14/2011 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923)
1/14/2011 Security Update for Windows XP (KB923561)
1/14/2011 Update for Windows XP (KB968389)
1/13/2011 Update for Windows XP (KB898461)
Battery
AC line Online
Battery full time Unknown
Battery Charge % 100 %
Battery State High
Amount of time remaining (sec) Unknown
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running avast! Antivirus
Running COM+ Event System
Running CryptSvc
Running DCOM Server Process Launcher
Running Dell Wireless WLAN Tray Service
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Help and Support
Running IPSEC Services
Running Java Quick Starter
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running User Profile Hive Cleanup
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Time
Running Windows User Mode Driver Framework
Running Workstation
Stopped Alerter
Stopped ASP.NET State Service
Stopped Background Intelligent Transfer Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Computer Browser
Stopped DellAMBrokerService
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped Fax
Stopped GoToAssist
Stopped Health Key and Certificate Management Service
Stopped HTTP SSL
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped Microsoft Office Diagnostics Service
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Smart Card
Stopped stllssvr
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows Installer
Stopped Wired AutoConfig
Stopped Wireless Zero Configuration
Stopped WMI Performance Adapter
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
Intel® Pentium® Dual CPU T2370 @ 1.73GHz
Intel® Pentium® Dual CPU T2370 @ 1.73GHz
ACPI Thermal Zone
System board
ACPI Lid
ACPI Power Button
ACPI Sleep Button
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
Microsoft Windows Management Interface for ACPI
PCI bus
Mobile Intel® PM965/GM965/GL960 Express Processor to DRAM Controller - 2A00
Intel® ICH8 Family PCI Express Root Port 1 - 283F
Intel® ICH8 Family PCI Express Root Port 4 - 2845
Intel® ICH8 Family SMBus Controller - 283E
System board
System board
Mobile Intel® 965 Express Chipset Family
Plug and Play Monitor
Plug and Play Monitor
Mobile Intel® 965 Express Chipset Family
Plug and Play Monitor
Intel® ICH8 Family USB Universal Host Controller - 2834
USB Root Hub
Intel® ICH8 Family USB Universal Host Controller - 2835
USB Root Hub
Intel® ICH8 Family USB2 Enhanced Host Controller - 283A
USB Root Hub
Microsoft UAA Bus Driver for High Definition Audio
SigmaTel High Definition Audio CODEC
Conexant HDA D330 MDC V.92 Modem
Intel® ICH8 Family PCI Express Root Port 2 - 2841
Dell Wireless 1395 WLAN Mini-Card
Intel® ICH8 Family USB Universal Host Controller - 2830
USB Root Hub
Intel® ICH8 Family USB Universal Host Controller - 2831
USB Root Hub
Intel® ICH8 Family USB Universal Host Controller - 2832
USB Root Hub
Intel® ICH8 Family USB2 Enhanced Host Controller - 2836
USB Root Hub
USB Composite Device
Laptop Integrated Webcam
Intel® 82801 PCI Bridge - 2448
Broadcom 440x 10/100 Integrated Controller
SDA Standard Compliant SD Host Controller
Ricoh MMC Host Controller
Ricoh Memory Stick Controller
Ricoh xD-Picture Card Controller
OHCI Compliant IEEE 1394 Host Controller
1394 Net Adapter
Intel® ICH8M LPC Interface Controller - 2815
ISAPNP Read Data Port
Synaptics PS/2 Port Pointing Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
System CMOS/real time clock
System timer
System speaker
System board
Programmable interrupt controller
Direct memory access controller
Numeric data processor
High Precision Event Timer
Intel® ICH8M Ultra ATA Storage Controllers - 2850
Primary IDE Channel
TSSTcorp DVD+-RW TS-L632H
Intel® ICH8M 3 port Serial ATA Storage Controller - 2828
Primary IDE Channel
WDC WD1200BEVS-75UST0
CPU
Intel Pentium T2370
Cores 2
Threads 2
Name Intel Pentium T2370
Code Name Merom
Package Socket P (478)
Technology 65nm
Specification Intel® Pentium® Dual CPU T2370 @ 1.73GHz
Family 6
Extended Family 6
Model F
Extended Model F
Stepping D
Revision M0
Instructions MMX, SSE, SSE2, SSE3, SSSE3, Intel 64
Virtualization Unsupported
Hyperthreading Not supported
Bus Speed 133.0 MHz
Rated Bus Speed 532.0 MHz
Stock Core Speed 1733 MHz
Stock Bus Speed 133 MHz
Average Temperature 52 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 1024 KBytes
Core 0
Core Speed 1064.2 MHz
Multiplier x 6.0
Bus Speed 133.0 MHz
Rated Bus Speed 532.0 MHz
Temperature 52 °C
Thread 1
APIC ID 0
Core 1
Core Speed 1064.2 MHz
Multiplier x 6.0
Bus Speed 133.0 MHz
Rated Bus Speed 532.0 MHz
Temperature 52 °C
Thread 1
APIC ID 1
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR2
Size 1024 MBytes
Channels # Dual
DRAM Frequency 266.0 MHz
CAS# Latency (CL) 4 clocks
RAS# to CAS# Delay (tRCD) 4 clocks
RAS# Precharge (tRP) 4 clocks
Cycle Time (tRAS) 12 clocks
Physical Memory
Memory Usage 68 %
Total Physical MB
Available Physical 294 MB
Total Virtual 2.00 GB
Available Virtual 1.90 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 512 MBytes
Manufacturer Hyundai Electronics
Max Bandwidth PC2-5300 (333 MHz)
Part Number HYMP564S64CP6-Y5
Serial Number 00003268
Week/year 52 / 07
SPD Ext. EPP
JEDEC #3
Frequency 333.3 MHz
CAS# Latency 5.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 21
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Slot #2
Type DDR2
Size 512 MBytes
Manufacturer Hyundai Electronics
Max Bandwidth PC2-5300 (333 MHz)
Part Number HYMP564S64CP6-Y5
Serial Number 04008263
Week/year 52 / 07
SPD Ext. EPP
JEDEC #3
Frequency 333.3 MHz
CAS# Latency 5.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 21
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Motherboard
Manufacturer Dell Inc.
Model 0KY767
Chipset Vendor Intel
Chipset Model GM965
Chipset Revision C0
Southbridge Vendor Intel
Southbridge Model 82801HBM (ICH8-ME)
Southbridge Revision B0
System Temperature 53 °C
BIOS
Brand Dell Inc.
Version A08
Date 04/21/2008
Graphics
Monitor
Name Plug and Play Monitor on Mobile Intel 965 Express Chipset Family
Current Resolution 1280x800 pixels
Work Resolution 1280x766 pixels
State enabled, primary, output devices support
Monitor Width 1280
Monitor Height 800
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Mobile Intel® 965 Express Chipset Family
Memory 256 MB
Memory type 2
Driver version 6.14.10.4831
Mobile Intel® 965 Express Chipset Family
Memory 256 MB
Memory type 2
Driver version 6.14.10.4831
Hard Drives
WDC WD1200BEVS-75UST0
Manufacturer Western Digital
Form Factor GB/2.5-inch
Business Unit/Brand Mobile/WD Scorpio®
RPM/Buffer Size or Attribute 5400 RPM with 8 MB cache (Mobile)
Interface/Connector SATA 3 Gb/s with 22-pin SATA connector/SATA 1.5 Gb/s with 22-pin SATA connector (Mobile)
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
48-bit LBA Supported
Serial Number WD-WXC408318797
Interface SATA
Capacity 117GB
Real size 120,034,123,776 bytes
S.M.A.R.T
01 Read Error Rate 200 (200 worst) Data 000000000B
03 Spin-Up Time 161 (160) Data 00000003B6
04 Start/Stop Count 098 (098) Data 0000000A79
05 Reallocated Sectors Count 200 (200) Data 0000000000
07 Seek Error Rate 200 (200) Data 0000000000
09 Power-On Hours (POH) 075 (075) Data 000000495A
0A Spin Retry Count 100 (100) Data 0000000000
0B Recalibration Retries 100 (100) Data 0000000000
0C Device Power Cycle Count 098 (098) Data 0000000A65
C0 Power-off Retract Count 200 (200) Data 0000000113
C1 Load/Unload Cycle Count 191 (191) Data 0000007060
C2 Temperature 106 (092) Data 0000000025
C4 Reallocation Event Count 200 (200) Data 0000000000
C5 Current Pending Sector Count 200 (200) Data 0000000000
C6 Uncorrectable Sector Count 100 (253) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (253) Data 0000000000
Temperature 37 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 86.2 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number 505E98F4
Size 106GB
Used Space 15.0GB (15%)
Free Space 91GB (85%)
Partition 2
Partition ID Disk #0, Partition #2
Size 2.49 GB
Partition 3
Partition ID Disk #0, Partition #3
Size 3.42 GB
Optical Drives
TSSTcorp DVD+-RW TS-L632H
Media Type CD-ROM
Name TSSTcorp DVD+-RW TS-L632H
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded TRUE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 0
Size
Status OK
Volume Name Audio CD
Volume Serial Number 1CB3D8D
Audio
Sound Card
SigmaTel High Definition Audio CODEC
Playback Device
SigmaTel Audio
Recording Device
SigmaTel Audio
Speaker Configuration
Speaker type Stereo
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.2180
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port Pointing Device
Device Kind Mouse
Device Name Synaptics PS/2 Port Pointing Device
Location plugged into PS/2 mouse port
Driver
Date 4-27-2007
Version 9.1.18.6
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\SynTP.sys
File C:\WINDOWS\system32\SynTPAPI.dll
File C:\WINDOWS\system32\SynCOM.dll
File C:\WINDOWS\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPRes.dll
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\Program Files\Synaptics\SynTP\DellTpad.exe
File C:\Program Files\Synaptics\SynTP\DellTpad.exe.manifest
File C:\Program Files\Synaptics\SynTP\DellTpad.rtf
File C:\WINDOWS\system32\SynTPCo4.dll
Laptop Integrated Webcam
Device Kind Camera/scanner
Device Name Laptop Integrated Webcam
Vendor OmniVision
Comment Laptop Integrated Webcam
Location Location 0
Driver
Date 7-19-2007
Version 1.3.2.719
File C:\WINDOWS\system32\ksuser.dll
File C:\WINDOWS\system32\ksproxy.ax
File C:\WINDOWS\system32\drivers\ks.sys
File C:\WINDOWS\system32\kstvtune.ax
File C:\WINDOWS\system32\ksxbar.ax
File C:\WINDOWS\system32\kswdmcap.ax
File C:\WINDOWS\system32\vidcap.ax
File C:\WINDOWS\system32\dshowext.ax
File C:\WINDOWS\system32\vfwwdm32.dll
File C:\WINDOWS\system32\iyuv_32.dll
File C:\WINDOWS\system32\msh263.drv
File C:\WINDOWS\system32\msyuv.dll
File C:\WINDOWS\system32\tsbyuv.dll
File C:\WINDOWS\System32\Drivers\OEM02Dev.sys
File C:\WINDOWS\System32\Drivers\OEM02Vfx.sys
File C:\WINDOWS\System32\Drivers\OEM02PC.bmp
File C:\WINDOWS\System32\Drivers\OEM02Pvc.bmp
File C:\WINDOWS\System32\Drivers\OEM02Afx.sys
File C:\WINDOWS\system32\OEM02Cvw.bff
File C:\WINDOWS\system32\OEM02Cvw.dll
File C:\WINDOWS\system32\OEM02Cvw.crl
File C:\WINDOWS\system32\OEM02Hwx.dll
File C:\WINDOWS\system32\OEM02Pin.crl
File C:\WINDOWS\system32\OEM02Pin.dll
File C:\WINDOWS\system32\CtCamMgr.dll
File C:\WINDOWS\system32\OEM02Srv.exe
File C:\WINDOWS\system32\cximage.dll
File C:\WINDOWS\Twain_32\Creative\OEM002\HookWnd.dll
File C:\WINDOWS\OEM002.uns
File C:\WINDOWS\OEM02Mon.exe
File C:\WINDOWS\OEM02Cfg.exe
File C:\WINDOWS\CtDrvIns.exe
Network
You are connected to the internet
Connected through Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
IP Address 68.82.105.135
Subnet mask 255.255.248.0
Gateway server 68.82.104.1
Preferred DNS server 68.87.64.150
Alternate DNS server 68.87.75.198
DHCP Enabled
DHCP server 68.87.64.34
External IP Address 68.82.105.135
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 kbps
Computer Name
NetBIOS Name DGR6LDG1
DNS Name DGR6LDG1
Domain Name DGR6LDG1
Remote Desktop
Console
State Active
Domain DGR6LDG1
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect Yes
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
IP Address 68.82.105.135
Subnet mask 255.255.248.0
Gateway server 68.82.104.1
Network Shares
No network shares

Thanks again!

#13
RKinner

    Malware Expert

Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.