Grigsby Computer is Slow and Buggy

#1
Jim Grigsby
New Member, 6 posts
Hello - this is my first time here and a friend HIGHLY suggested your help. The computer in question has become very slow and buggy; I have been told by other friends that it is necessary to re-install XP every 1 to 2 years, but I understand this is complex and very time-consuming. I hope you may shed some light and help me out! Here are the items I have noticed:

Overall slow speed; the system used to be faster with my dual-core processor and 2 gig of memory.

I am using Firefox 6 (and trying out the Beta Firefox 7) and both browsers take up to 1.5 minutes to download a page. This happens on most web sites I attempt to go to. Some addresses are fast, but most exhibit the described problem. I have not experienced any total crashes at this point. I have in turn tried IE as well with similar results; it reminds me of an old computer I had years ago with very little memory; slow to load entire pages...

When using Microsoft Office Outlook, odd things happen, like attempting to attach a PDF document from the My Documents folder taking up to a minute to process and attach. This did not use to happen.

When opening up the My Pictures folder (very large, 10 gig) the icons are slow to populate the screen, like the memory is all used up. This is especially true when I go to drive D where the backup of this folder is located. Very very slow for the icons to load. They used to be almost instant.

Upon startup, the video flashes on, then goes to complete black for approx 4 seconds, then comes back on; this is followed, once the desktop is loaded, by a second round of a brief distortion flash. Video is provided by NVIDIA. I have also noted the icons on the desktop are sometimes slow to load.

I use Symantec antivirus and update often; I also am using Ad-Aware from Lavasoft as PC Mag gave it the best reviews; I also use Update Checker and keep all programs up to date with the latest versions; lastly I use the Advanced SystemCare Pro (paid) version. My internet connection is a cable modem with greater than 15 mbs bandwidth.

Again, I thank you for any insight you can give as I am very frustrated with the machine but do not want to resort to a complete reinstall of the operating system. I have very rarely encountered viruses or spyware as thankfully it seems the system Comcast Cable utilizes does a good job, and we are careful of the websites visited.

OTL is listed below:

OTL logfile created on: 8/24/2011 4:37:37 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jim\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.31% Memory free
4.85 Gb Paging File | 4.10 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 211.64 Gb Free Space | 71.00% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 255.11 Gb Free Space | 85.58% Space Free | Partition Type: NTFS

Computer Name: GRIGSBY-HOME | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 16:37:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\My Documents\Downloads\OTL.exe
PRC - [2011/08/23 10:08:12 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/17 03:52:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/01 18:30:53 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/01 18:30:52 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\system32\java.exe
PRC - [2011/04/01 01:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/03/12 12:53:46 | 000,483,422 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/12 12:53:46 | 000,254,036 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 19:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/04 18:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/04 18:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 01:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 03:52:33 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 16:40:16 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/29 14:31:45 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010/11/29 14:31:42 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2010/11/29 14:31:42 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/11/29 14:31:21 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/11/29 14:31:03 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/11/29 14:31:03 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/11/29 14:30:58 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/11/29 14:30:57 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/11/29 14:30:57 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/11/29 14:30:57 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/11/29 14:30:57 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2010/11/29 14:30:57 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/11/29 14:30:57 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/11/29 14:30:56 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/11/29 14:30:55 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/11/29 14:30:55 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/11/29 14:30:54 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/11/29 14:30:54 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2010/11/29 14:30:54 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/11/29 14:30:54 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/11/29 14:30:54 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/11/29 14:29:57 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/11/29 14:29:57 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2010/11/29 14:29:57 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/11/29 14:29:57 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/11/29 14:29:57 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2010/11/29 14:29:57 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2010/11/29 14:29:56 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2010/11/29 14:29:56 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2010/10/05 23:41:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2ed406d4\mscorlib.dll
MOD - [2010/10/05 23:41:00 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_dab44d40\system.drawing.dll
MOD - [2010/10/05 23:40:57 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_86eb945f\system.xml.dll
MOD - [2010/10/05 23:40:54 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_33e5d4a6\system.windows.forms.dll
MOD - [2010/10/05 23:40:49 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a96782fa\system.dll
MOD - [2010/10/05 23:40:42 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MOD - [2008/11/13 15:43:49 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
MOD - [2007/08/10 16:42:35 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/08/10 16:42:35 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/08/10 16:42:34 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/08/10 15:33:49 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/01 18:30:53 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/01 01:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/03/12 12:53:46 | 000,254,036 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe -- (STacSV)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/04 19:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/04 18:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 02:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/07 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110823.085\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/07 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110823.085\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/01 01:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2011/04/01 01:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/12 12:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/08 15:57:49 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/04 19:01:46 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/04/04 18:59:46 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/03/21 19:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 19:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 19:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 15:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/30 20:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 20:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/16 14:59:40 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1b2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/23 23:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/23 23:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/23 10:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 13:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/23 10:10:06 | 000,000,000 | ---D | M]

[2009/05/02 07:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2011/08/20 21:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\8khuolq8.default\extensions
[2011/07/18 13:56:59 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\8khuolq8.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/05/02 07:12:41 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\8khuolq8.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2011/06/25 22:30:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\8khuolq8.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/08/08 22:46:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\8khuolq8.default\extensions\[email protected]
[2011/08/24 13:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/01 18:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/08/24 13:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
File not found (No name found) --
[2011/08/23 10:09:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KHUOLQ8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KHUOLQ8.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KHUOLQ8.DEFAULT\EXTENSIONS\[email protected]
[2009/07/17 23:21:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/17 03:52:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/01 18:30:53 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/16 21:45:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/08/02 17:13:06 | 000,416,977 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208054203078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/10 14:42:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7f32eac8-3760-11de-9d8e-0019d11daf26}\Shell\AutoRun\command - "" = F:\Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{b3123615-5a3c-11dc-9c24-0019d11e2cbc}\Shell - "" = AutoRun
O33 - MountPoints2\{b3123615-5a3c-11dc-9c24-0019d11e2cbc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3123615-5a3c-11dc-9c24-0019d11e2cbc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e0adb49f-c84b-11dc-9c44-0019d11e2cbc}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 10:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2011/08/23 10:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/08/16 17:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
[2011/08/16 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/08/16 17:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2011/08/16 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/08/16 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\NVIDIA
[2011/08/16 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/02 11:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Sun
[2011/07/28 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/24 16:41:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 16:34:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2011/08/24 13:30:04 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/24 13:30:03 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/24 13:29:55 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1078145449-682003330-1003.job
[2011/08/24 13:29:39 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1078145449-682003330-1003.job
[2011/08/24 13:29:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/24 13:29:07 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/24 13:29:03 | 000,013,916 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 13:28:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/08/24 13:27:31 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 13:27:31 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2011/08/24 13:27:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1078145449-682003330-1006.job
[2011/08/24 13:26:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 13:26:40 | 2145,435,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/24 13:26:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/24 13:21:06 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/24 13:21:06 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/24 12:31:11 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0658D70F-9458-4C69-89CB-7F2838D9799D}.job
[2011/08/23 17:00:29 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011/08/23 10:09:53 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/08/23 10:08:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/08/23 10:02:03 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/20 21:17:08 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/20 21:17:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/20 10:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/19 22:54:21 | 000,022,365 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Water-Park-Cake_recipemain.jpg
[2011/08/19 22:53:51 | 000,007,746 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\4976652429_864eb8ceb2_s.jpg
[2011/08/19 22:52:47 | 000,004,536 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\4976639847_42771aacb0_s.jpg
[2011/08/19 16:26:39 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/17 17:01:22 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/17 11:25:06 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/16 17:46:13 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/16 17:44:52 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
[2011/08/16 17:44:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2011/08/16 16:39:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/10 13:55:37 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/08/09 21:24:03 | 000,373,607 | ---- | M] () -- C:\WINDOWS\System32\WebEx Document Loader Port
[2011/08/09 17:41:12 | 000,484,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/09 17:41:12 | 000,080,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/03 12:47:48 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 07:49:00 | 002,128,778 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/03 07:49:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/08/03 07:49:00 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/07/31 09:50:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1078145449-682003330-1006.job
[2011/07/26 16:08:25 | 000,141,576 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Cancel Magazines.pdf
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 10:09:53 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/08/19 22:54:14 | 000,022,365 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Water-Park-Cake_recipemain.jpg
[2011/08/19 22:53:50 | 000,007,746 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\4976652429_864eb8ceb2_s.jpg
[2011/08/19 22:52:47 | 000,004,536 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\4976639847_42771aacb0_s.jpg
[2011/08/16 16:39:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/16 16:34:57 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/08 02:03:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/07/26 16:08:23 | 000,141,576 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Cancel Magazines.pdf
[2011/07/18 11:58:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/18 11:58:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/20 09:59:10 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/15 13:06:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/07 23:05:05 | 000,607,302 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-1078145449-682003330-1003-0.dat
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/01/30 02:06:49 | 000,303,790 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/03 15:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/11/29 14:18:16 | 000,068,952 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/11/29 14:18:16 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/08/02 17:15:03 | 001,017,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/04 23:22:18 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/04 23:22:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/04 23:22:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/05/14 17:56:06 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 17:47:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/12 16:05:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\rx_image.Cache
[2009/12/21 22:27:47 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/10/09 12:23:02 | 000,000,105 | ---- | C] () -- C:\WINDOWS\DataBackupPC.INI
[2009/08/03 18:53:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/02 08:38:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/02 08:34:30 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/02 07:34:13 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2009/05/02 07:34:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2009/05/02 07:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/05/02 07:33:33 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/05/02 07:33:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/05/02 07:33:21 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\config.ini
[2009/05/02 07:33:16 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/05/02 07:33:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2009/05/02 07:33:09 | 000,000,620 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2009/05/02 07:33:09 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2009/05/02 07:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/05/02 07:33:08 | 004,023,395 | ---- | C] () -- C:\WINDOWS\Dolphins.dat
[2009/05/02 07:33:08 | 000,068,952 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2009/05/02 07:33:08 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2009/05/02 07:33:08 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/05/02 07:33:08 | 000,001,277 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/05/02 07:33:08 | 000,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/05/02 07:33:08 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/05/02 07:33:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/02 07:33:08 | 000,000,235 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2009/05/02 07:33:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/05/02 07:33:08 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2009/05/02 07:33:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/05/02 07:33:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/02 07:33:08 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ping3.dat
[2009/05/02 07:33:08 | 000,000,087 | ---- | C] () -- C:\WINDOWS\ping1.dat
[2009/05/02 07:33:08 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ping2.dat
[2009/05/02 07:33:08 | 000,000,081 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2009/05/02 07:33:08 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2009/05/02 07:33:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/05/02 07:33:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/02 07:33:07 | 000,004,361 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/02 07:33:07 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/05/02 07:33:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/05/02 07:17:06 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/05/02 07:11:28 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 07:11:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat
[2009/05/01 14:07:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/01 14:06:01 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,484,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,080,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/15 11:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Tray Application
[2009/05/02 07:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/05/13 10:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/05/02 07:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/22 15:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/05/02 07:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/02 07:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/02 07:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/03/10 12:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/04 17:08:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/07/12 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Auslogics
[2010/07/12 09:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\CBS Interactive
[2009/05/02 07:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/24 11:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\CVS
[2010/12/05 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\DeepBurner
[2010/02/25 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\DeepBurner Pro
[2010/10/13 13:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\DeviceDoctorSoftware
[2010/01/25 01:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ElevatedDiagnostics
[2009/11/18 12:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Facebook
[2010/06/01 13:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GARMIN
[2009/05/02 07:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Image Zone Express
[2011/06/04 13:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\IObit
[2009/05/02 07:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2011/01/25 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Local
[2010/02/11 12:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\OfficeUpdate12
[2009/05/02 07:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Printer Info Cache
[2011/05/06 21:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Research In Motion
[2009/05/02 07:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Simple Star
[2009/05/02 07:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Ulead Systems
[2011/02/02 14:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Search
[2011/08/24 13:29:07 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/24 13:28:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_AutoSweep.job
[2011/08/23 17:00:29 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_AutoUpdate.job
[2011/08/24 13:27:31 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2011/08/24 16:34:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2011/08/24 12:31:11 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0658D70F-9458-4C69-89CB-7F2838D9799D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 19,780 posts
  • MVP
Your log doesn't show any obvious infection but we will run a few scans to make sure then check some other things. It may just be that you have too much of a good thing. Symantec is a big resource hog. (When does it expire?) Ad-Aware isn't bad but I don't really like Advanced SystemCare Pro. It's a rip-off of Malwarebytes.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time.

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop); note the name it gives. OK. Attach the file to your next post. Don't copy and paste it.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Download and run Speedy Fox.
http://www.crystalidea.com/speedyfox
Close Firefox.
Click on Speed up my Firefox. Close.

Ron

#3
Jim Grigsby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you Ron! I have followed your steps and the results are below:

As for the Symantec, the man who put my system together is a computer supplier to small businesses. He had this installed on my machine since day one and I assume it must be under a corporate account as I do not have any dates to which it expires. I do the live update thing and it seems to continue to update. I have noticed that update checker says there is a new version but I cannot find a way to update it. Do you suggest getting rid of this and using something else?

Here is the log for OTL after I followed your instructions:



========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 08252011_092116

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




I deleted and reloaded a new copy of Malwarebytes as instructed. Here is that log file:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7565

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/25/2011 9:48:06 AM
mbam-log-2011-08-25 (09-48-06).txt

Scan type: Quick scan
Objects scanned: 210087
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I ran the combofix program and here is that log:



ComboFix 11-08-24.06 - Jim 08/25/2011 10:07:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1244 [GMT -4:00]
Running from: c:\documents and settings\Jim\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jim\Application Data\Local
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\Config.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 13:41 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 13:41 . 2011-08-25 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-25 13:41 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 13:21 . 2011-08-25 13:21 -------- d-----w- C:\_OTL
2011-08-23 14:09 . 2011-08-23 14:09 -------- d-----w- c:\program files\Common Files\xing shared
2011-08-23 14:08 . 2011-08-23 14:08 107008 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-08-16 21:42 . 2011-08-16 21:42 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-08-16 21:40 . 2011-08-16 21:40 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-08-16 21:32 . 2011-08-16 21:32 -------- d-----w- c:\documents and settings\Jim\Application Data\NVIDIA
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-16 20:39 . 2011-08-16 20:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-09 21:41 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 21:26 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-08 06:03 . 2011-07-13 15:29 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-02 15:52 . 2011-08-02 15:52 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Sun
2011-08-01 22:35 . 2011-08-23 14:10 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-08-01 22:35 . 2011-08-23 14:09 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-08-01 22:31 . 2011-08-01 22:30 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 20:40 . 2011-03-09 15:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:49 . 2011-04-08 02:15 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-04-08 02:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-04-08 02:15 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-04-08 02:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-04-08 02:15 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-04-08 02:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2010-10-20 14:08 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2010-10-20 14:08 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2010-01-12 17:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2010-01-12 17:27 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2009-05-02 11:34 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2009-05-02 11:34 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2009-05-02 11:33 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2009-05-02 11:33 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2009-05-02 11:33 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2009-05-02 11:33 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2009-05-01 02:02 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-01 22:30 . 2011-05-03 15:54 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-01 22:30 . 2010-04-16 16:20 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 19:56 . 2010-10-14 12:57 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-08-01 19:56 . 2010-10-14 12:57 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-08-01 19:56 . 2006-11-08 07:02 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 15:29 . 2011-07-13 15:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2009-05-02 12:33 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-20 14:31 . 2011-07-15 15:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-15 18:15 . 2011-06-15 18:15 53248 ----a-r- c:\documents and settings\Jim\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-10 20:52 . 2011-01-25 20:57 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 07:52 . 2011-04-13 17:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-08-23 273528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataBackup PC Tray Control
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/15/2011 11:56 AM 64512]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/4/2011 2:22 PM 328536]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4/20/2011 8:40 AM 2255464]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 8:04 AM 399416]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 1:11 AM 428640]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [10/14/2010 8:57 AM 45288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/16/2011 5:05 PM 105592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2009 3:01 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2151640]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/2/2009 7:34 AM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2009 3:01 PM 133104]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 8:04 AM 987704]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-25 c:\windows\Tasks\ASC4_AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-05-04 20:38]
.
2011-08-24 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-04 20:38]
.
2011-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 13:08]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:01]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:01]
.
2011-08-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 19:56]
.
2011-08-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-01 19:57]
.
2011-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1078145449-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1078145449-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1078145449-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1078145449-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-08-25 c:\windows\Tasks\User_Feed_Synchronization-{0658D70F-9458-4C69-89CB-7F2838D9799D}.job
- c:\windows\system32\msfeedssync.exe [2009-05-02 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\8khuolq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320620AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,6f,97,c3,e1,45,03,4a,a5,2f,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,6f,97,c3,e1,45,03,4a,a5,2f,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\NTMARTA.DLL
.
- - - - - - - > 'explorer.exe'(1596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\java.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-08-25 10:39:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 14:39
.
Pre-Run: 227,083,837,440 bytes free
Post-Run: 227,001,196,544 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=AlwaysOff
.
- - End Of File - - 27CAA9FECECF0ED1FBA6827459271B21




The Event Viewer Tool would NOT download. I tried the site on both IE and Firefox and it was a blank page. Firefox said it was "not on this server..."



I have attached the file for Speccy to this message.


Process Explorer text file is as follows:


Process PID CPU Private Bytes Working Set Description Company Name
alg.exe 3752 1,340 K 26,380 K Application Layer Gateway Service Microsoft Corporation
ASCService.exe 1464 3,620 K 604 K Advanced SystemCare Service IObit
ccApp.exe 2908 5,252 K 612 K Symantec User Session Symantec Corporation
ccSvcHst.exe 1580 11,208 K 2,320 K Symantec Service Framework Symantec Corporation
csrss.exe 1060 1,768 K 7,756 K Client Server Runtime Process Microsoft Corporation
daemonu.exe 984 2,436 K 22,412 K NVIDIA Settings Update Manager NVIDIA Corporation
DivXUpdate.exe 3760 7,644 K 15,320 K DivX Update
dpupdchk.exe 1216 2,080 K 4,784 K dpupdchk.exe Microsoft Corporation
explorer.exe 1596 49,140 K 60,584 K Windows Explorer Microsoft Corporation
GoogleUpdate.exe 2032 3,768 K 30,652 K Google Installer Google Inc.
hpqgalry.exe 3592 42,732 K 7,060 K Hewlett-Packard Co.
hpqtra08.exe 3724 5,956 K 14,432 K HP Digital Imaging Monitor Hewlett-Packard Co.
iexplore.exe 3908 12,604 K 2,892 K Internet Explorer Microsoft Corporation
iexplore.exe 544 142,032 K 123,628 K Internet Explorer Microsoft Corporation
ipoint.exe 2848 11,996 K 19,604 K IPoint.exe Microsoft Corporation
itype.exe 2060 15,736 K 23,684 K IType.exe Microsoft Corporation
java.exe 1892 45,932 K 56,232 K Java™ Platform SE binary Oracle Corporation
jqs.exe 836 2,432 K 1,408 K Java™ Quick Starter Service Oracle Corporation
LinksysUpdater.exe 1640 1,116 K 7,496 K
lsass.exe 1144 2,672 K 1,392 K LSA Shell (Export Version) Microsoft Corporation
LSSrvc.exe 1208 868 K 17,416 K Hewlett-Packard Company
MDM.EXE 1852 1,140 K 22,600 K Machine Debug Manager Microsoft Corporation
nmctxth.exe 3324 7,864 K 13,852 K Pure Networks Platform Assistant Cisco Systems, Inc.
nmsrvc.exe 3280 10,880 K 7,632 K Pure Networks Platform Service Cisco Systems, Inc.
nvsvc32.exe 1900 5,224 K 25,552 K NVIDIA Driver Helper Service, Version 280.26 NVIDIA Corporation
realsched.exe 1176 1,100 K 216 K RealNetworks Scheduler RealNetworks, Inc.
RIMBBLaunchAgent.exe 2792 2,092 K 5,288 K Launch Agent Service Research In Motion Limited
Rtvscan.exe 3128 59,316 K 2,616 K Symantec AntiVirus Symantec Corporation
rundll32.exe 1136 6,444 K 30,692 K Run a DLL as an App Microsoft Corporation
services.exe 1132 2,036 K 9,020 K Services and Controller app Microsoft Corporation
SmcGui.exe 3732 8,492 K 4,508 K Symantec CMC SmcGui Symantec Corporation
smss.exe 996 172 K 904 K Windows NT Session Manager Microsoft Corporation
spoolsv.exe 392 4,384 K 34,016 K Spooler SubSystem App Microsoft Corporation
stacsv.exe 428 3,020 K 16,252 K IDT PC Audio IDT, Inc.
sttray.exe 3244 7,296 K 14,572 K IDT PC Audio IDT, Inc.
sua.exe 2196 708 K 7,624 K Secunia Update Agent Secunia
svchost.exe 1312 3,212 K 31,016 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1396 2,152 K 30,612 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1520 23,436 K 76,216 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1828 1,864 K 23,096 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2936 2,976 K 30,720 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2220 4,144 K 29,372 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 3656 1,740 K 25,744 K Generic Host Process for Win32 Services Microsoft Corporation
System 4 0 K 244 K
ULCDRSvr.exe 2956 496 K 4,484 K ULCDRSvr Ulead Systems, Inc.
UMVPFSrv.exe 636 1,772 K 9,248 K Logitech User mode UMVPF service Logitech Inc.
winlogon.exe 1088 6,884 K 2,860 K Windows NT Logon Application Microsoft Corporation
wmiprvse.exe 2324 1,892 K 6,748 K WMI Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
procexp.exe 2164 0.78 10,276 K 16,324 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Smc.exe 1688 0.78 12,756 K 4,892 K Symantec CMC Smc Symantec Corporation
System Idle Process 0 98.44 0 K 16 K




I have also downloaded and installed Speedy Fox as instructed.

Thank you!!! Please let me know what next steps if any are required!

Jim Grigsby - Indiana
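The ComboFix log above records several host settings that matter more than any single startup entry: "EnableFirewall"= 0 for the standard profile, port 3389/TCP (Remote Desktop) in the globally open list, 5985/TCP present but marked Disabled, and Security Center monitoring switched off for SymantecAntiVirus. The script below is an added example, not code from the thread or from ComboFix: it parses the registry-style sections of such a log and turns those settings into findings. The sample text is a constructed excerpt in the log's shape, and the list of ports treated as remote-administration ports is the author's assumption. Whether each finding is intended is for the machine's owner to judge; some security products set DisableMonitoring themselves, and an RDP exception may be deliberate.

```python
"""Flag weak host settings in a ComboFix-style log excerpt (added example)."""
import re

# Constructed excerpt modelled on the posted log; not a real capture.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
"""

# Ports a home PC should not expose to the whole network (assumption, extend as needed).
REMOTE_ADMIN_PORTS = {
    "3389:TCP": "Remote Desktop",
    "5985:TCP": "WinRM over HTTP",
    "5986:TCP": "WinRM over HTTPS",
    "445:TCP": "SMB",
}


def _sections(text):
    """Yield (key path, [value lines]) for every [bracketed] section of the log."""
    current, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if current is not None:
                yield current, lines
            current, lines = line[1:-1], []
        elif current is not None and line and line != ".":
            lines.append(line)
    if current is not None:
        yield current, lines


def parse_firewall_policy(text):
    """Extract firewall state, globally open ports and disabled AV monitoring."""
    result = {"firewall_enabled": None, "open_ports": {}, "av_monitoring_disabled": []}
    for path, lines in _sections(text):
        low = path.lower()
        if low.endswith(r"firewallpolicy\standardprofile"):
            for line in lines:
                m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line)
                if m:
                    result["firewall_enabled"] = m.group(1) != "0"
        elif low.endswith(r"globallyopenports\list"):
            for line in lines:
                m = re.match(r'"(\d+:(?:TCP|UDP))"\s*=\s*(.*)', line)
                if m:
                    # Value is port:proto[:scope[:Enabled|Disabled]]:description; an entry
                    # without an explicit Disabled field is treated as active (assumption).
                    fields = m.group(2).split(":")
                    result["open_ports"][m.group(1)] = "Disabled" not in fields
        elif r"security center\monitoring" in low:
            for line in lines:
                if re.search(r'"DisableMonitoring"\s*=\s*dword:0*1\b', line):
                    result["av_monitoring_disabled"].append(path.rsplit("\\", 1)[-1])
    return result


def findings(text):
    """Human-readable findings derived from parse_firewall_policy()."""
    p = parse_firewall_policy(text)
    out = []
    if p["firewall_enabled"] is False:
        out.append("Windows Firewall (standard profile) is turned off")
    for port, active in sorted(p["open_ports"].items()):
        if active and port in REMOTE_ADMIN_PORTS:
            out.append(f"{port} ({REMOTE_ADMIN_PORTS[port]}) is globally open to the network")
    for product in p["av_monitoring_disabled"]:
        out.append(f"Security Center monitoring is disabled for {product}")
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print("-", f)
```

The firewall and open-port entries come from the same key ComboFix reads (services\SharedAccess\Parameters\FirewallPolicy\StandardProfile), so the same parser applies to a `reg export` of that key after the log's abbreviations are accounted for.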

#4
RKinner (Malware Expert, MVP, 19,780 posts)
Funny. I just downloaded it without a problem.
I changed the extension to .txt because the forum doesn't like .exe files, then attached it to this post, so you should be able to download it, then right click and Rename it to change the .txt back to .exe, then run it as previously instructed.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
change the a-v scan to None.
Click the "Scan" button to start scan




On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

IF it crashes, uncheck trace disk IO calls then try it again.


Speccy says you are running pretty hot for a desktop which it appears this is. I'd turn it off but leave it plugged up then open it up and vacuum out the dust from all of the vents. There should be a fan on top of the CPU or blowing on it through a vent. Make sure the fan is turning strongly. Ron's unofficial test for a fan is to take the eraser end of a pencil and use it to stop the fan then quickly pull it out. The fan should get back up to speed with very little delay.

I would definitely get rid of Symantec and install the free Avast.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours so this is a good test to run while you sleep.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Ron
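Ron's aswMBR request follows the "user != kernel MBR !!!" line in the ComboFix log above: the detector read sector 0 once through the user-mode disk API and once through the kernel storage stack, and the two copies did not match. The script below is an added example, not code from the thread or from ComboFix, catchme or aswMBR. It shows what that comparison looks like on saved 512-byte images (aswMBR writes one to MBR.dat on the desktop): it checks the 55AA trailer, decodes the partition table and reports which region each difference falls in. Both images are constructed in code rather than real dumps, and the partition geometry is an assumption.

```python
"""Compare two 512-byte MBR images and report where they differ (added example)."""
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_END = 446          # bytes 0..445: boot code, disk signature (440..443), 2 reserved
PART_TABLE = (446, 510)      # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes):
    """Decode the four partition entries; an empty slot has type_id 0."""
    if len(mbr) != SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR: wrong size or missing 55AA signature")
    entries = []
    for i in range(4):
        off = PART_TABLE[0] + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append(Partition(status == 0x80, ptype, start, count))
    return entries


def diff_ranges(a: bytes, b: bytes):
    """Byte ranges [(start, end)], end exclusive, where the two images differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def classify(rng):
    """Name the MBR region a differing range lies in."""
    s, e = rng
    if e <= BOOT_CODE_END:
        return "boot code"
    if s >= PART_TABLE[1]:
        return "signature"
    if s >= PART_TABLE[0] and e <= PART_TABLE[1]:
        return "partition table"
    return "mixed"


def compare_mbr(user_read: bytes, kernel_read: bytes):
    """[(range, region)] for every difference; an empty list means the reads agree."""
    if len(user_read) != len(kernel_read):
        raise ValueError("images must be the same length")
    return [(r, classify(r)) for r in diff_ranges(user_read, kernel_read)]


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given boot code, one bootable NTFS (0x07) partition, 55AA trailer."""
    code = boot_code.ljust(440, b"\x00") + b"\x11\x22\x33\x44" + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 625137282)  # CHS fields left zero (assumed geometry)
    return code + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    # Constructed scenario: one read shows the original first instructions, the other a
    # jump patched over them. Which side is telling the truth depends on where the hook
    # sits, which is why the detector only reports the mismatch and leaves the rest to you.
    user = make_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
    kernel = make_sample_mbr(b"\xe9\x10\x01\xd0\xbc\x00\x7c")
    for rng, region in compare_mbr(user, kernel) or [("none", "images match")]:
        print(rng, region)
    for p in parse_partitions(user):
        if p.type_id:
            print(p)
```

A clean disk yields no ranges at all. Differences confined to the boot-code region are the pattern the MBR families the detector names (Mebroot, Sinowal, TDL4) leave behind; a difference only in the partition table or the disk signature is a different problem and worth a second read of the log before anything is "fixed".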

#5
Jim Grigsby (New Member, Topic Starter, 6 posts)
I downloaded aswMBR and ran it as instructed. Here is the log file below - the "Fix" button was NOT enabled.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-25 13:25:08
-----------------------------
13:25:08.140 OS Version: Windows 5.1.2600 Service Pack 3
13:25:08.140 Number of processors: 2 586 0xF02
13:25:08.140 ComputerName: GRIGSBY-HOME UserName: Jim
13:25:08.656 Initialize success
13:26:11.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:26:11.593 Disk 0 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
13:26:11.609 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
13:26:11.609 Disk 1 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
13:26:13.625 Disk 0 MBR read successfully
13:26:13.625 Disk 0 MBR scan
13:26:13.625 Disk 0 Windows XP default MBR code
13:26:13.625 Disk 0 scanning sectors +625137345
13:26:13.687 Disk 0 scanning C:\WINDOWS\system32\drivers
13:26:22.421 Service scanning
13:26:26.015 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
13:26:26.015 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
13:26:26.031 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
13:26:26.031 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
13:26:26.531 Modules scanning
13:26:30.750 Disk 0 trace - called modules:
13:26:30.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:26:30.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a608ab8]
13:26:30.765 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a5f59e8]
13:26:30.765 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a5f4b00]
13:26:30.765 Scan finished successfully
13:26:55.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\MBR.dat"
13:26:55.734 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\aswMBR.txt"


For the VEW text logs (both of them, including the "Application" run), they are both below:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/08/2011 1:19:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/08/2011 8:48:20 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.102 for the Network Card with network address 0019D11DAF26 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/08/2011 11:39:20 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.





Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/08/2011 1:21:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/08/2011 9:21:16 AM
Type: error Category: 0
Event: 45 Source: Symantec AntiVirus
SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe Event Info: Terminate Process Action Taken: Logged Actor Process: C:\Documents and Settings\Jim\My Documents\Downloads\OTL(1).exe (PID 1944) Time: Thursday, August 25, 2011 9:21:16 AM

Log: 'Application' Date/Time: 11/08/2011 8:57:21 AM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


Log: 'Application' Date/Time: 09/08/2011 5:16:50 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:16:50 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:16:50 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:16:50 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:14:41 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:14:41 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:14:41 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 09/08/2011 5:14:41 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 31/07/2011 10:12:01 AM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 31/07/2011 10:12:01 AM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 31/07/2011 10:12:01 AM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 31/07/2011 10:12:01 AM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

Log: 'Application' Date/Time: 31/07/2011 9:57:54 AM
Type: error Category: 0
Event: 51 Source: Symantec AntiVirus
Security Risk Found!Tracking Cookies in File: Unavailable by: Startup scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully.

Log: 'Application' Date/Time: 31/07/2011 9:57:53 AM
Type: error Category: 0
Event: 46 Source: Symantec AntiVirus
Security Risk Found!Tracking Cookies in File: Unavailable by: Startup scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Log: 'Application' Date/Time: 22/07/2011 8:45:02 AM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/08/2011 5:41:12 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 08/08/2011 10:55:11 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\WinTools8\WinZip\winzip81.exe due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:54:05 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\Nero 6.6.19b\InCD Reader\InCD\shared.txt.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:54:04 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\Nero 6.6.19b\InCD 4\InCD\shared.txt.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:54:04 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\Nero 6.6.19b\InCD 4\InCD\Error.log.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:54:04 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\Nero 6.6.19b\InCD 4\i386\SrvError.Log.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:53:46 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\MS Office 2003\YH561403.CAB due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:53:02 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\Software\MS Office 2003\F2561406.CAB due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:47:36 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YH561403.CAB due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:47:05 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 7 files inside d:\HP OfficeJet 7210\rub_w01_Americas_Euro1.exe due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:58 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.7.0\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:50 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_26\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:44 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_25\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:38 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_24\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:31 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_23\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:25 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_22\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:19 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_21\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:11 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_20\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:37:05 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_19\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent


Log: 'Application' Date/Time: 08/08/2011 10:36:59 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside c:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_18\Data1.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent





I have also deleted the Symantec by uninstalling it and using the removal tool. I downloaded the newest updated version of Avast and did both the boot scan and full computer scan and checked the logs; no viruses were found.

I will get inside the desktop case and check and clean all dust as you suggested as well. I believe I covered all scans and tools you sent? Again thanks for your assistance!!!!
  • 0

#6
RKinner
    Malware Expert
  • Expert
  • 19,780 posts
  • MVP
Your event logs are full of Symantec errors so now that you have removed it let's clear the event logs again:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Then run VEW again as before.

The locked files that aswMBR complained about were all Symantec so nothing to worry about.

Have things improved any?

Ron
  • 0
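One way to do the triage Ron did by eye on the pasted VEW reports (count records per event source): an added example, not code from the thread or from VEW itself. The embedded report is constructed in VEW's layout, with placeholder paths, not copied from the posts.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt in the layout Vino's Event Viewer (VEW) prints; sample input
# for this example, not a report copied from the thread.
SAMPLE_VEW = r"""Vino's Event Viewer v01c run on Windows XP in English

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/08/2011 9:21:16 AM
Type: error Category: 0
Event: 45 Source: Symantec AntiVirus
SYMANTEC TAMPER PROTECTION ALERT Target: C:\example\Smc.exe Action Taken: Logged

Log: 'Application' Date/Time: 09/08/2011 5:16:50 PM
Type: error Category: 0
Event: 1 Source: nview
failed to retrieve module name

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/08/2011 10:54:05 AM
Type: warning Category: 0
Event: 6 Source: Symantec AntiVirus
Could not scan 1 files inside d:\example\shared.txt.cab due to extraction errors
For more information, please go to: http://example.invalid/
"""

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<dt>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Parse a VEW report: a record opens at a 'Log:' line, 'Type:' and 'Event:'
    fill its fields, further non-blank lines are message text, and a blank line
    or the next 'Log:' closes it. The report header and ~~~ banners are skipped."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_RE.match(line)
        if m:
            current = {"log": m["log"], "type": None, "category": None,
                       "event_id": None, "source": None, "message": [],
                       "time": datetime.strptime(m["dt"], "%d/%m/%Y %I:%M:%S %p")}
            events.append(current)
            continue
        if current is None or not line:
            current = None  # header/banner line, or blank line ending a record
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"], current["category"] = m["type"], int(m["cat"])
            continue
        m = EVENT_RE.match(line)
        if m:
            current["event_id"], current["source"] = int(m["id"]), m["source"]
            continue
        current["message"].append(line)
    for e in events:
        e["message"] = "\n".join(e["message"])
    return events


def count_by_source(events):
    """Records per event source, noisiest first: the quick check behind the
    observation that the logs were 'full of Symantec errors'."""
    return Counter(e["source"] for e in events).most_common()
```

Run the parser on a saved VEW report and the top of `count_by_source` shows which product is generating the noise; a clean rerun after clearing the logs, as Ron asked for, returns an empty list.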

#7
Jim Grigsby
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/08/2011 10:38:19 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/08/2011 10:42:00 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I cleared and ran VEW again and provided the txt above for both runs. Yes, it does seem to run smoother and quicker. I have noticed that the HP printer software icon comes up much quicker - it used to take several min to fully initialize. Question - the Lavasoft icon for Ad-Aware comes up automatically along with the Avast anti-virus. I right click on the Lavasoft to turn it off as I have understood these programs can interfere with each other. Is there any reason I should even have Ad-Aware on the system anymore? Does Avast not only watch for viruses but also malware and could simply take care of it all? The Lavasoft free edition does not allow me to turn off this "auto on watch" feature. Any other tweaks you could suggest? You are up early for WA state!!! Thanks again!!
  • 0

#8
RKinner
    Malware Expert
  • Expert
  • 19,780 posts
  • MVP
I think you can live without Ad-Aware. I haven't bothered with it in years.

I think we are done except for the cleanup:

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 26 or maybe even 7 Update 0 by now). Get the latest at:

http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not allow it to install the Yahoo toolbar or McAfee Virus scan or other foistware. Even if you do have the latest version make sure you have removed all old versions:

Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. (Java is really bad about leaving old consoles in Firefox and this slows it down a lot. Just disable any that don't have the current number.) Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
Close Firefox and click on Speedup my Firefox. Exit. You can run it any time that Firefox seems slow or after an upgrade (of Firefox or Java or other extension).

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
Jim Grigsby
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron:

I have removed all old Java programs and installed the newest one as you suggested.

I also removed Ad-Aware

I cleaned up the System Restore by following your instructions.

I copied and pasted the combofix uninstall and it did NOT work.

Some of the tools show up in add/remove programs - can I simply remove?

As for the hiding of folders - I followed your directions and all boxes you said were already checked - so I just exited out of this. Is that ok?

I followed your directions for the Java Script item in Adobe Reader.

I have used Update checker for some time and very much like it, and use it.


I do NOT use any P2P at all so that should not be an issue.

I am using the highest encryption on my N wireless router; I just installed this last month. Is it necessary for me to create a new password again?

I did check the latest plugin for Firefox and updated. I also already use AdBlock and also like it as well.

Lastly - and perhaps totally unrelated...I have noticed that every time I attempt to print, my computer defaults to something in my "printers" section to Webex Document Loader. I ONLY use a HP Office Jet 7200 series (and fax) and this section shows:
Microsoft Office Document Image Writer
Webex Document Loader Fax
Webex Document Loader

I have repeatedly tried to set the 7200 as my printer (right click on it) but computer still tries to print via Webex Doc Loader. Can these just be deleted??
  • 0

#10
RKinner
    Malware Expert
  • Expert
  • 19,780 posts
  • MVP
The combofix uninstall didn't work because you ran it from downloads instead of your desktop.


To uninstall combofix, copy the next line:

c:\documents and settings\Jim\My Documents\Downloads\ComboFix.exe /Uninstall


Start, Run, cmd, OK then right click, Paste, then hit Enter.

You can remove or uninstall anything you don't need.


Apparently the WebEx document stuff comes from Cisco's WebEx software. You can uninstall it if you don't use it:

http://www.ehow.com/...move-webex.html

No need to change the password on the router if you already have your own password on it. So many people still use the default out of the box password which allows malware to log onto and infect the router.
  • 0

#11
Jim Grigsby
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron:

I have been out of town since last week and regret not immediately letting you know how much help you have been! I very much appreciate your help; the system seems to be running MUCH smoother now. The only item left is for me to pull the desktop case and clean as you suggested - I am sure it needs this. You have been outstanding in assisting a novice navigate through all of this! Best to you!

Jim Grigsby
Indiana
  • 0

#12
RKinner
    Malware Expert
  • Expert
  • 19,780 posts
  • MVP
Great.

I just added some memory to an old Dell for a friend and decided to clean it while I had it open. Good thing. The heatsink under the CPU fan was completely clogged with dust. Had to remove the fan (four screws) to get to it but I'm sure the CPU is cooler and happier.
  • 0
