SLOWED CPU & (1) FAILURE TO BOOT - SUSPECT VIRUS/ROOTKIT OR MALWARE
#1 antyc1

I have a Latitude D610 laptop, Intel® Pentium® M processor 2.13 GHz, 1.60 GHz, 1.99 GB of RAM, that is running Windows XP Professional, Version 2002, Service Pack 3.
(Essexboy was able to assist me last March, and I am hoping that someone can help me again.)

About 2 months ago, after doing a Windows Update, the whole computer started to slow down like molasses. It has become increasingly and intolerably slower daily.

I regularly run and have repeatedly run the free versions of Malwarebytes Anti-Malware and AVG, and also Registry Mechanic (a paid subscription). I have also run the free version of Puran Defrag with disk check and can't seem to find anything. I also have the free version of Sygate firewall running.

1. It now takes FOREVER for my machine to boot up, it often locks up, and programs do not work properly (shut down, cease to function, etc.).

2. Two days ago the computer failed to boot. I was able to boot using Safe Mode with Networking. Since that time I have NOT shut the computer down, fearing I will not be able to get back on and/or out on the net.

3. I have a print job for my HP psc 1315 inkjet printer STUCK in the queue (it will not delete or purge the print job). (I suspect it would if I rebooted, but I am afraid to do so.)

4. Yesterday I ran OTL.exe QUICK SCANS (three versions, at 30 days, 30 days and 90 days). I am NOT tech savvy enough to interpret the output, but am hoping someone can help me. (I have attached the 90-day OTL scan in a file, and also pasted it below.)

5. I have saved several tools from when Essexboy helped me, but I am not sure what to run, etc.
This is what I have downloaded now: ERUNT Reg BU, tdsskiller, GooredFix, OTM.exe

OTL OUTPUT:

OTL logfile created on: 8/30/2011 11:27:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.52% Memory free
3.83 Gb Paging File | 2.97 Gb Available in Paging File | 77.58% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 28.71 Gb Free Space | 51.37% Space Free | Partition Type: NTFS

Computer Name: VALUED-0CB2439E | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/23 10:26:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/28 11:17:03 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/11/10 10:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/08 23:25:58 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/03 03:19:18 | 000,639,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2006/08/03 03:16:08 | 000,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2006/08/03 03:14:14 | 000,389,186 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2006/08/03 03:13:32 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2005/07/07 06:08:00 | 000,135,168 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/06/22 08:05:02 | 000,647,168 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng10.exe
PRC - [2004/06/22 08:05:02 | 000,385,024 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc10.exe
PRC - [2002/09/24 08:21:54 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


========== Modules (SafeList) ==========

MOD - [2011/07/23 10:26:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/28 11:17:03 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/07 17:29:44 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2006/08/03 03:16:08 | 000,426,051 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2006/08/03 03:13:32 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2003/04/29 14:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/07/30 19:42:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2006/10/25 06:24:38 | 002,208,768 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/03 13:11:32 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/05/31 11:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 13:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://co120w.col120...in1.0&rru=inbox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Valued Customer\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/28 18:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/08 13:48:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/23 21:34:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A53C54C-67A7-47A7-B341-ED0E5593BD1F} http://192.168.1.103...j1_02030112.cab (INetViewX Control)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1247117265375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/09 20:20:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/28 20:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Desktop\GEEKS TO GO 032311
[2011/08/28 09:30:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/07 16:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Desktop\DISNEYLAND
[2011/08/05 09:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Desktop\FARRINGTON TRUST ATTY 090711 FINAL DOCS

========== Files - Modified Within 30 Days ==========

[2011/08/31 00:45:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 21:17:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/08/30 21:12:59 | 130,607,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/30 13:45:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 09:38:45 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011/08/29 19:55:29 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/08/28 16:36:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/28 13:17:07 | 000,010,330 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Tab Separated Values (Windows).CAL
[2011/08/28 10:10:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/28 10:08:17 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-57989841-682003330-1003.job
[2011/08/28 10:07:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/27 18:46:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-57989841-682003330-1003.job
[2011/08/24 14:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/20 08:51:57 | 000,008,181 | ---- | M] () -- C:\WINDOWS\lviewp.ini
[2011/08/10 12:19:11 | 000,506,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 12:19:11 | 000,089,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 11:00:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/05/13 22:20:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\{D9327986-BFC5-47E2-B958-78950C5A241D}
[2011/05/13 22:20:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\{4E85B61D-25BB-4938-B2D0-92F348E5A453}
[2011/01/04 14:08:37 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/01/04 14:08:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/01/04 14:08:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/12/28 11:16:22 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/08/04 22:44:49 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/15 12:33:51 | 000,013,054 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft Excel 97-2003.CAL
[2010/06/15 12:33:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/04 09:16:45 | 000,009,420 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Tab Separated Values (Windows).EML
[2010/03/17 10:10:13 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/03/09 09:26:41 | 000,013,052 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Comma Separated Values (Windows).CAL
[2010/02/01 08:38:33 | 000,038,527 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Comma Separated Values (Windows).ADR
[2010/01/27 18:35:11 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2009/12/25 15:25:41 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/13 22:05:05 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/10/13 22:05:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2009/10/13 22:04:59 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2009/10/13 22:04:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2009/10/13 22:04:59 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2009/10/13 22:04:33 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2009/10/10 20:08:35 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
[2009/10/10 20:08:35 | 000,037,714 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2009/10/10 19:52:06 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2009/10/10 19:41:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\ALDLEARN.DLL
[2009/10/10 19:41:41 | 000,236,734 | ---- | C] () -- C:\WINDOWS\PXENGWIN.DLL
[2009/10/10 19:41:40 | 000,084,672 | ---- | C] () -- C:\WINDOWS\PCDLIB.DLL
[2009/10/10 19:40:58 | 000,135,483 | ---- | C] () -- C:\WINDOWS\PANOSE.DAT
[2009/09/27 10:42:32 | 000,010,330 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Tab Separated Values (Windows).CAL
[2009/08/24 12:24:18 | 000,008,181 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2009/08/24 11:01:11 | 000,000,570 | ---- | C] () -- C:\WINDOWS\PHOTO2PE.BIN
[2009/08/24 11:01:11 | 000,000,461 | ---- | C] () -- C:\WINDOWS\PHOTO!2.INI
[2009/08/06 15:22:31 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/08/06 15:22:31 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/10/08 08:35:57 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 15:53:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/10 15:53:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/10 15:53:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/01/10 13:20:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/01/09 20:23:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/01/09 20:16:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/09 13:00:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/01/09 12:59:04 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/03 03:24:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PfMgrTool.exe
[2006/08/03 03:24:08 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/08/03 03:16:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ShellNav.dll
[2006/08/03 03:15:16 | 000,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/08/03 03:14:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/13 03:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 03:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,506,184 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,089,482 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/06 21:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[1995/10/27 12:06:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[1995/10/24 11:28:53 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2010/10/12 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/12 16:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/12 16:27:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/09/27 11:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/05/30 10:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/05 18:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/08/30 21:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/12 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG10
[2009/11/19 16:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG9
[2010/05/16 22:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Facebook
[2010/05/27 20:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\NCH Swift Sound
[2011/03/02 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\OpenCandy
[2011/06/21 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\PrimoPDF
[2010/05/27 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Recordpad
[2010/12/28 11:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Registry Mechanic
[2010/02/25 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Singlesnet
[2009/08/29 12:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\VERITAS
[2011/08/28 16:36:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/19 18:28:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2010/05/27 20:30:08 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2010/10/11 18:28:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/08/30 21:17:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
#2 antyc1

I forgot to mention that I also tried to do a SYSTEM RESTORE back to 6/14/2011, but it failed.

AND NOW TODAY, I am starting to get the flashlight, i.e.:
1. I tried to bring up the Control Panel and the flashlight came up trying to locate items... finally it showed.
2. I got the flashlight when I was saving a WORD document: the Save As window came up with the flashlight and a message, "Initializing folders", then finally the list of what was in My Documents (in that window) appeared.
#3 antyc1

I didn't realize that you have to run the anti-rootkit portion of Free AVG manually and separately. I ran it and found (2) rootkits: 1) wpsdrvnt.sys (an IRP hook); and 2) teefer.sys. I had AVG delete them. I reran the anti-rootkit portion of AVG and it now finds nothing. Then I also ran tdsskiller.exe (Kaspersky's anti-rootkit software) and it found nothing.

My computer seems MUCH FASTER NOW... my question is: is there something else I need to do? WOULD THERE STILL be some malware hiding on my computer that created/caused the rootkits, that I am not finding?

Help please ;o)
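As an added example (not code from this thread, from OTL's author, or from AVG), here is a small Python parser for the `DRV -` and `SRV -` lines of an OTL log like the one pasted in post #1, used the way a helper would triage the report in post #3: cross-reference each file name the rootkit scanner flagged against the OTL driver inventory, and separately list entries whose company field is empty or whose file is missing on disk. The sample lines are copied from the log above, except `example_unnamed.sys`, which is a constructed entry to show the empty-company case. For the two flagged names the log records `Sygate Technologies, Inc.` as the company, with Boot and System start types, which is the information a reviewer wants in front of them before deciding whether a scanner hit is a genuine hook or a known security product's own filter driver.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Regex for one OTL "DRV - " or "SRV - " line. Two shapes occur in the log:
#   KIND - [date | size | attrs | flag] (company) [type | start | status] -- path -- (name)
#   KIND - File not found [start | status] -- -- (name)
OTL_LINE_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    r"(?:\[(?P<date>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|\]]+?)\s*\|\s*(?P<flag>[A-Z])\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"|(?P<missing>File not found)\s*)"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"
    r"--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)"
)

# Sample lines copied from the OTL log in post #1, plus one CONSTRUCTED line
# (example_unnamed.sys) that shows a driver with no company name at all.
SAMPLE_OTL = r"""
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
DRV - [2011/08/20 08:51:57 | 000,012,288 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\example_unnamed.sys -- (example_unnamed)
"""


@dataclass
class OtlEntry:
    kind: str          # DRV or SRV
    name: str          # service/driver name in the trailing parentheses
    path: str          # on-disk path, empty when OTL reports "File not found"
    company: str       # company field, empty when OTL printed "()"
    start: str         # Boot / System / Auto / On_Demand / Disabled
    status: str        # Running / Stopped
    file_missing: bool


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Parse every DRV/SRV line in an OTL log; lines of other kinds are ignored."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE_RE.match(raw.strip())
        if not m:
            continue
        # State is "type | start | status" for drivers and "start | status" for
        # services, so the last two fields are start and status in both cases.
        parts = [p.strip() for p in (m.group("state") or "").split("|")]
        start = parts[-2] if len(parts) >= 2 else ""
        status = parts[-1] if parts else ""
        entries.append(OtlEntry(
            kind=m.group("kind"),
            name=m.group("name").strip(),
            path=m.group("path").strip(),
            company=(m.group("company") or "").strip(),
            start=start,
            status=status,
            file_missing=m.group("missing") is not None,
        ))
    return entries


def index_by_filename(entries: List[OtlEntry]) -> Dict[str, OtlEntry]:
    """Map lower-cased file name (e.g. 'teefer.sys') to its inventory entry."""
    return {e.path.rsplit("\\", 1)[-1].lower(): e for e in entries if e.path}


def triage_flagged(entries: List[OtlEntry], flagged: List[str]) -> List[dict]:
    """For each file name a rootkit scanner reported, say what the OTL inventory knows about it."""
    idx = index_by_filename(entries)
    report = []
    for fn in flagged:
        e = idx.get(fn.lower())
        if e is None:
            report.append({"file": fn, "in_inventory": False})
        else:
            report.append({"file": fn, "in_inventory": True, "company": e.company,
                           "start": e.start, "status": e.status, "path": e.path})
    return report


def suspicious_entries(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries a reviewer reads first: no company name, or registered but missing on disk."""
    return [e for e in entries if e.file_missing or e.company == ""]


if __name__ == "__main__":
    inventory = parse_otl_lines(SAMPLE_OTL)
    for row in triage_flagged(inventory, ["wpsdrvnt.sys", "teefer.sys"]):
        print(row)
    for e in suspicious_entries(inventory):
        print("review:", e.kind, e.name, "missing" if e.file_missing else "no company", e.path)
```

The parser keeps the path lookup case-insensitive because OTL prints the case it finds in the registry (`system32\drivers` and `SYSTEM32\Drivers` both occur in the log), and a scanner may report the name in yet another case. Whether a hit on a driver with a known vendor name is a false positive is still a judgement call; the point of the cross-reference is to make that judgement with the inventory's company, path and start type in hand rather than from the file name alone.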