
Laptop freezes after I try to use a web browser



#1
Henry77 (Member, 58 posts)
The laptop boots fine, but after a few mins it will slow down and eventually freeze. If I try to open a web browser like Firefox right away, it will instantly freeze. I've run Malwarebytes, but nothing has come up so far. I had to uninstall it and reinstall it in safe mode to get it working, but nothing fixed it. What should my next step be?

Dell Inspiron E1505
Windows XP SP3

Thanks

#2
RKinner (Malware Expert, MVP, 24,598 posts)
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.)

Download, save and install it. Wait until the PC has been on a while and is starting to slow down, then run Speccy. When it finishes (the little icon in the bottom left will stop moving): File, Save as Text File (to your desktop); note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your operating system. (It will be near the top, about 10 lines down.) Attach the file to your next post.

Ron

#3
Henry77 (Topic Starter, Member, 58 posts)
It took a few tries, but I was able to get both programs to work as directed.

============================================

OTL logfile created on: 9/18/2011 11:14:58 AM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Hank\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 639.02 Mb Available Physical Memory | 63.00% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.17 Gb Total Space | 0.58 Gb Free Space | 1.86% Space Free | Partition Type: NTFS

Computer Name: TIGER2 | User Name: Hank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 20:54:22 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hank\Desktop\OTL.exe
PRC - [2011/08/12 08:18:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/01/13 01:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 01:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/02 17:59:52 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/12/28 10:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 09:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 09:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/16 19:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 08:33:23 | 001,299,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11081701\algo.dll
MOD - [2011/08/16 08:12:29 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11081701\aswRep.dll
MOD - [2011/01/13 01:47:29 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/22 17:00:28 | 000,049,152 | ---- | M] () -- c:\dell\E-Center\GTB.exe
MOD - [2005/12/28 10:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 10:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 10:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/08/05 12:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/12/26 18:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/13 01:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/06/28 17:01:48 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/12/28 10:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 01:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 01:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 01:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 01:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 01:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 01:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/28 17:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/04/02 17:59:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/28 11:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 13:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 13:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 13:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 14:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 01:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 01:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 01:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/23 19:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Hank\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 14:54:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 20:37:27 | 000,000,000 | ---D | M]

[2008/12/22 00:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hank\Application Data\Mozilla\Extensions
[2011/08/03 20:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hank\Application Data\Mozilla\Firefox\Profiles\x4wz7dvz.default\extensions
[2011/07/15 22:28:24 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Hank\Application Data\Mozilla\Firefox\Profiles\x4wz7dvz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/06/14 19:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/04 20:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HANK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X4WZ7DVZ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HANK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X4WZ7DVZ.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HANK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X4WZ7DVZ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2010/11/04 20:24:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/26 14:54:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/11/04 20:23:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/04/13 23:42:15 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/06/14 20:37:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/11/01 21:13:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\gtb.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1144620445507 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144620439055 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Hank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/30 09:42:18 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 11:07:45 | 004,087,040 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Hank\Desktop\spsetup112.exe
[2011/09/17 12:09:44 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hank\Desktop\OTL.exe
[2011/08/29 20:24:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/29 20:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/29 20:24:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2011/09/18 11:06:07 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/18 11:05:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/18 11:04:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/18 11:04:53 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/18 02:25:22 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/17 12:06:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/16 20:57:48 | 004,087,040 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Hank\Desktop\spsetup112.exe
[2011/09/16 20:54:22 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hank\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011/09/17 12:06:47 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/19 19:00:54 | 000,154,224 | ---- | C] () -- C:\Documents and Settings\Hank\Local Settings\Application Data\prvlcl.dat
[2009/03/08 15:22:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/11 21:44:17 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/07/23 09:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 09:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/05/04 15:33:48 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ftk.INI
[2007/06/28 17:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/03 21:12:36 | 000,000,102 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2006/06/06 20:57:22 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/06 20:57:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/09 17:50:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/04/08 20:25:16 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Hank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 13:25:11 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/04/08 13:24:55 | 000,004,257 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/07 23:18:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/07 19:40:10 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/07 17:42:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Hank\Local Settings\Application Data\fusioncache.dat
[2006/04/02 18:11:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/02 18:04:50 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/04/02 18:00:16 | 000,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/02 17:58:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/02 17:55:48 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/02 17:31:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/02 17:30:58 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/02 17:30:38 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#4
Henry77 (Topic Starter, Member, 58 posts)
Second log:

==============================

OTL Extras logfile created on: 9/18/2011 11:14:58 AM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Hank\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 639.02 Mb Available Physical Memory | 63.00% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.17 Gb Total Space | 0.58 Gb Free Space | 1.86% Space Free | Partition Type: NTFS

Computer Name: TIGER2 | User Name: Hank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1626:TCP" = 1626:TCP:*:Enabled:Game
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Hank\Desktop\utorrent.exe" = C:\Documents and Settings\Hank\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2A7F5E60-329D-4A9F-8FAA-CEE297F2D25B}" = AccessData Forensic Toolkit
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78BC5838-099A-402E-8868-ED8AA3506F42}" = ProDiscover Basic 4.8a
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0620409-8B20-48A0-ACA0-09D5FC90D316}" = Visual Basic .NET Standard 2003 - English
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"EHome Devices" = Media Center Extender
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 4000" = Eye Candy 4000
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Packet Tracer_is1" = Packet Tracer 3.1
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"SolarWinds Advanced Subnet Calculator" = SolarWinds Advanced Subnet Calculator
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Requirements Lab" = System Requirements Lab
"Trillian" = Trillian
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic .NET Standard 2003 - English" = Microsoft Visual Basic .NET Standard 2003 - English
"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
"VLC media player" = VLC media player 1.1.8
"WGA" = Windows Genuine Advantage Validation Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 0.99.6a
"WMCSetup" = Windows Media Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2011 10:33:36 PM | Computer Name = TIGER2 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 8/14/2011 5:30:52 PM | Computer Name = TIGER2 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 8/14/2011 11:17:00 PM | Computer Name = TIGER2 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 8/15/2011 6:34:30 PM | Computer Name = TIGER2 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 8/16/2011 10:51:49 AM | Computer Name = TIGER2 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 8/17/2011 10:58:31 PM | Computer Name = TIGER2 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 9/18/2011 1:00:10 AM | Computer Name = TIGER2 | Source = ESENT | ID = 489
Description = wuauclt (3664) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/18/2011 1:00:10 AM | Computer Name = TIGER2 | Source = ESENT | ID = 455
Description = wuaueng.dll (3664) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/18/2011 1:00:24 AM | Computer Name = TIGER2 | Source = ESENT | ID = 489
Description = wuauclt (3664) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/18/2011 1:00:24 AM | Computer Name = TIGER2 | Source = ESENT | ID = 455
Description = wuaueng.dll (3664) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 9/17/2011 7:28:01 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:08 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:15 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:22 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:28 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:35 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:42 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:49 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:28:56 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/17/2011 7:29:03 PM | Computer Name = TIGER2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >
  • 0

#5
Henry77

    Member

  • Topic Starter
  • Member
  • 58 posts
Speccy Log:

===========================================

Summary
Operating System
MS Windows XP Media Center Edition Professional 32-bit SP3
CPU
Intel Core Duo T2400 @ 1.83GHz 35 °C
Yonah 65nm Technology
RAM
1.00 GB Dual-Channel DDR2 @ 266MHz (4-4-4-12)
Motherboard
Dell Inc. 0KD882 (Microprocessor) 38 °C
Graphics
Plug and Play Monitor (1680x1050@60Hz)
Mobile Intel® 945GM Express Chipset Family
Mobile Intel® 945GM Express Chipset Family
Hard Drives
37.6GB TOSHIBA TOSHIBA MK4032GSX (SATA) 37 °C
Optical Drives
PHILIPS CDRW/DVD SCB5265
Audio
SigmaTel High Definition Audio CODEC
Operating System
MS Windows XP Media Center Edition Professional 32-bit SP3
Installation Date: 07 April 2006, 17:42
Serial Number: XXXX-XXXX-XXXXX-XXXXX-XXXXX
Windows Security Center
Firewall Enabled
Windows Update
AutoUpdate Notify prior to download
Antivirus
Antivirus Enabled
Company Name AVAST Software
Display Name avast! Antivirus
Product Version 5.0.83952905
Environment Variables
USERPROFILE C:\Documents and Settings\Hank
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\Hank\Local Settings\Temp
TMP C:\Documents and Settings\Hank\Local Settings\Temp
LIB C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
INCLUDE C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path
C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\Program Files\QuickTime\QTSystem
windir C:\WINDOWS
FP_NO_HOST_CHECK NO
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_REVISION 0e08
NUMBER_OF_PROCESSORS 2
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
INCLUDE C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
LIB C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
VS71COMNTOOLS C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
CLASSPATH
.
C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
Process List
aawservice.exe
Process ID 1720
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
Memory Usage 1.59 MB
Peak Memory Usage 463 MB
alg.exe
Process ID 3992
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\alg.exe
Memory Usage 3.85 MB
Peak Memory Usage 3.86 MB
avastsvc.exe
Process ID 1860
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
Memory Usage 22 MB
Peak Memory Usage 63 MB
avastui.exe
Process ID 1972
User Hank
Domain TIGER2
Path C:\Program Files\Alwil Software\Avast5\avastUI.exe
Memory Usage 2.38 MB
Peak Memory Usage 6.39 MB
csrss.exe
Process ID 944
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 3.91 MB
Peak Memory Usage 3.94 MB
ctfmon.exe
Process ID 184
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\ctfmon.exe
Memory Usage 3.68 MB
Peak Memory Usage 3.71 MB
dlg.exe
Process ID 408
User Hank
Domain TIGER2
Path C:\Program Files\Digital Line Detect\DLG.exe
Memory Usage 3.00 MB
Peak Memory Usage 3.00 MB
dllhost.exe
Process ID 3740
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\dllhost.exe
Memory Usage 6.43 MB
Peak Memory Usage 6.48 MB
dvdlauncher.exe
Process ID 1360
User Hank
Domain TIGER2
Path C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Memory Usage 2.66 MB
Peak Memory Usage 2.66 MB
ehmsas.exe
Process ID 4072
User Hank
Domain TIGER2
Path C:\WINDOWS\eHome\ehmsas.exe
Memory Usage 2.91 MB
Peak Memory Usage 2.91 MB
ehrecvr.exe
Process ID 2084
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\eHome\ehRecvr.exe
Memory Usage 4.76 MB
Peak Memory Usage 4.77 MB
ehsched.exe
Process ID 2100
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\eHome\ehSched.exe
Memory Usage 4.91 MB
Peak Memory Usage 4.98 MB
ehtray.exe
Process ID 140
User Hank
Domain TIGER2
Path C:\WINDOWS\ehome\ehtray.exe
Memory Usage 1.42 MB
Peak Memory Usage 4.94 MB
evteng.exe
Process ID 1372
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Memory Usage 7.95 MB
Peak Memory Usage 7.97 MB
explorer.exe
Process ID 740
User Hank
Domain TIGER2
Path C:\WINDOWS\Explorer.EXE
Memory Usage 36 MB
Peak Memory Usage 51 MB
googlecrashhandler.exe
Process ID 2284
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
Memory Usage 556 KB
Peak Memory Usage 3.74 MB
googleupdate.exe
Process ID 2240
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Google\Update\GoogleUpdate.exe
Memory Usage 1.89 MB
Peak Memory Usage 4.60 MB
gtb.exe
Process ID 992
User Hank
Domain TIGER2
Path c:\dell\E-center\gtb.exe
Memory Usage 1.04 MB
Peak Memory Usage 1.04 MB
hkcmd.exe
Process ID 1224
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\hkcmd.exe
Memory Usage 2.91 MB
Peak Memory Usage 2.92 MB
ifrmewrk.exe
Process ID 1260
User Hank
Domain TIGER2
Path C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
igfxpers.exe
Process ID 1232
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\igfxpers.exe
Memory Usage 2.97 MB
Peak Memory Usage 3.00 MB
igfxsrvc.exe
Process ID 1524
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\igfxsrvc.exe
Memory Usage 3.35 MB
Peak Memory Usage 3.36 MB
issch.exe
Process ID 1660
User Hank
Domain TIGER2
Path C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Memory Usage 1.56 MB
Peak Memory Usage 1.56 MB
jqs.exe
Process ID 2372
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Java\jre6\bin\jqs.exe
Memory Usage 1.38 MB
Peak Memory Usage 16 MB
jusched.exe
Process ID 1916
User Hank
Domain TIGER2
Path C:\Program Files\Common Files\Java\Java Update\jusched.exe
Memory Usage 6.30 MB
Peak Memory Usage 6.39 MB
lsass.exe
Process ID 1024
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 1.77 MB
Peak Memory Usage 6.41 MB
mcrdsvc.exe
Process ID 2908
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\ehome\McrdSvc.exe
Memory Usage 2.94 MB
Peak Memory Usage 2.95 MB
mdm.exe
Process ID 2468
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Memory Usage 3.05 MB
Peak Memory Usage 3.05 MB
nicconfigsvc.exe
Process ID 2532
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
Memory Usage 4.92 MB
Peak Memory Usage 4.94 MB
notepad.exe
Process ID 3836
User Hank
Domain TIGER2
Path C:\WINDOWS\notepad.exe
Memory Usage 3.47 MB
Peak Memory Usage 3.47 MB
realplay.exe
Process ID 1504
User Hank
Domain TIGER2
Path C:\Program Files\Real\RealPlayer\RealPlay.exe
Memory Usage 6.16 MB
Peak Memory Usage 6.27 MB
regsrvc.exe
Process ID 2564
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Memory Usage 3.21 MB
Peak Memory Usage 3.23 MB
rmsvc.exe
Process ID 2592
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\ehome\RMSvc.exe
Memory Usage 4.62 MB
Peak Memory Usage 4.62 MB
rmsystry.exe
Process ID 576
User Hank
Domain TIGER2
Path C:\WINDOWS\ehome\RMSysTry.exe
Memory Usage 2.82 MB
Peak Memory Usage 2.82 MB
s24evmon.exe
Process ID 1408
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Memory Usage 5.67 MB
Peak Memory Usage 5.77 MB
services.exe
Process ID 1012
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 4.33 MB
Peak Memory Usage 4.57 MB
smss.exe
Process ID 888
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 416 KB
Peak Memory Usage 504 KB
speccy.exe
Process ID 1364
User Hank
Domain TIGER2
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 12 MB
Peak Memory Usage 41 MB
spoolsv.exe
Process ID 1732
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 4.95 MB
Peak Memory Usage 5.02 MB
stsystra.exe
Process ID 1340
User Hank
Domain TIGER2
Path C:\WINDOWS\stsystra.exe
Memory Usage 4.00 MB
Peak Memory Usage 4.00 MB
svchost.exe
Process ID 2632
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.07 MB
Peak Memory Usage 4.18 MB
svchost.exe
Process ID 2648
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.50 MB
Peak Memory Usage 4.59 MB
svchost.exe
Process ID 1208
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.36 MB
Peak Memory Usage 5.50 MB
svchost.exe
Process ID 2336
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.71 MB
Peak Memory Usage 3.71 MB
svchost.exe
Process ID 1276
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.99 MB
Peak Memory Usage 5.12 MB
svchost.exe
Process ID 1316
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 27 MB
Peak Memory Usage 38 MB
svchost.exe
Process ID 1476
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.79 MB
Peak Memory Usage 3.87 MB
svchost.exe
Process ID 1556
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.96 MB
Peak Memory Usage 4.96 MB
svchost.exe
Process ID 1464
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.78 MB
Peak Memory Usage 3.79 MB
syntpenh.exe
Process ID 1368
User Hank
Domain TIGER2
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 4.84 MB
Peak Memory Usage 4.84 MB
system
Process ID 4
Memory Usage 252 KB
Peak Memory Usage 2.02 MB
system idle process
Process ID 0
tfswctrl.exe
Process ID 1644
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\dla\tfswctrl.exe
Memory Usage 3.75 MB
Peak Memory Usage 3.76 MB
wdfmgr.exe
Process ID 2684
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wdfmgr.exe
Memory Usage 2.05 MB
Peak Memory Usage 2.07 MB
winlogon.exe
Process ID 968
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 5.01 MB
Peak Memory Usage 23 MB
wlkeeper.exe
Process ID 1424
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Memory Usage 6.32 MB
Peak Memory Usage 6.47 MB
wmccds.exe
Process ID 3000
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Connect 2\wmccds.exe
Memory Usage 6.30 MB
Peak Memory Usage 6.32 MB
wmiprvse.exe
Process ID 3788
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 5.43 MB
Peak Memory Usage 5.57 MB
wmiprvse.exe
Process ID 2824
Memory Usage 96 KB
Peak Memory Usage 96 KB
wscntfy.exe
Process ID 3920
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\wscntfy.exe
Memory Usage 2.40 MB
Peak Memory Usage 2.40 MB
wuauclt.exe
Process ID 3772
User Hank
Domain TIGER2
Path C:\WINDOWS\system32\wuauclt.exe
Memory Usage 4.30 MB
Peak Memory Usage 4.30 MB
zcfgsvc.exe
Process ID 1240
User Hank
Domain TIGER2
Path C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
Memory Usage 7.90 MB
Peak Memory Usage 7.93 MB
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Portable/Laptop
Hibernation Enabled
Scheduler
9/18/2011 3:23 PM;Every 1 hour(s) from 8:23 AM for 24 hour(s) every day, starting 8/12/2011 GoogleUpdateTaskMachineUA
9/19/2011 8:23 AM;Run at user logon GoogleUpdateTaskMachineCore
9/19/2011 12:07 PM;At 12:07 PM every day, starting 9/18/2011 Google Software Updater
Hotfixes
11/6/2010 Security Update for Windows XP (KB2387149)
11/6/2010 Security Update for Windows XP (KB2279986)
11/6/2010 Security Update for Windows XP (KB982214)
11/6/2010 Update for Windows XP (KB2345886)
11/6/2010 Security Update for Windows XP (KB2259922)
11/6/2010 Microsoft .NET Framework 1.0 SP3 Security Update for Windows XP Tablet PC and Media Center (KB979904)
11/6/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
11/6/2010 Security Update for Windows XP (KB2296011)
11/6/2010 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2360131)
11/6/2010 Security Update for Windows XP (KB980232)
11/6/2010 Security Update for Windows XP (KB2115168)
11/6/2010 Security Update for Windows XP (KB975558)
11/6/2010 Security Update for Windows XP (KB2378111)
11/6/2010 Security Update for Windows XP (KB981349)
11/6/2010 Security Update for Windows XP (KB2229593)
11/6/2010 Security Update for Windows XP (KB978037)
11/6/2010 Security Update for Windows XP (KB975713)
11/6/2010 Security Update for Windows XP (KB982132)
11/6/2010 Security Update for Windows XP (KB978338)
11/6/2010 Security Update for Windows XP (KB2347290)
11/6/2010 Security Update for Windows XP (KB981852)
11/6/2010 Security Update for Windows XP (KB2079403)
11/6/2010 Security Update for Windows XP (KB979687)
11/6/2010 Security Update for Windows XP (KB2121546)
11/6/2010 Security Update for Windows XP (KB975560)
11/6/2010 Security Update for Windows XP (KB977816)
11/6/2010 Security Update for Windows XP (KB978601)
11/6/2010 Security Update for Windows XP (KB980436)
11/6/2010 Security Update for Windows XP (KB981322)
11/6/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
11/6/2010 Security Update for Windows XP (KB977914)
11/6/2010 Security Update for Windows XP (KB978542)
11/6/2010 Security Update for Windows XP (KB2286198)
11/6/2010 Security Update for Windows XP (KB981957)
11/6/2010 Security Update for Windows XP (KB979309)
11/6/2010 Security Update for Windows XP (KB979482)
11/6/2010 Security Update for Windows XP (KB978706)
11/6/2010 Security Update for Windows XP (KB981997)
11/6/2010 Security Update for Windows XP (KB975562)
11/6/2010 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
11/6/2010 Update for Windows XP (KB2141007)
11/6/2010 Update for Windows XP (KB2158563)
11/6/2010 Security Update for Windows XP (KB982665)
11/6/2010 Security Update for Windows XP (KB2360937)
1/24/2010 Update for Windows XP (KB970430)
1/24/2010 Update for Windows XP (KB971737)
1/24/2010 Security Update for Windows XP (KB959426)
1/24/2010 Security Update for Windows XP (KB960859)
1/24/2010 Security Update for Windows XP (KB958869)
1/24/2010 Update for Windows XP (KB976098)
1/24/2010 Update for Windows XP (KB955759)
1/24/2010 Security Update for Windows XP (KB974318)
1/24/2010 Update for Windows XP (KB951978)
1/24/2010 Security Update for Windows XP (KB969059)
1/24/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816)
1/24/2010 Security Update for Internet Explorer 7 for Windows XP (KB938127)
1/24/2010 Security Update for Windows XP (KB971657)
1/24/2010 Security Update for Windows XP (KB971557)
1/24/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155)
1/24/2010 Security Update for Windows XP (KB960225)
1/24/2010 Security Update for Windows XP (KB972270)
1/24/2010 Security Update for Windows XP (KB956744)
1/24/2010 Security Update for Windows XP (KB974112)
1/24/2010 Security Update for Windows XP (KB956572)
1/24/2010 Security Update for Windows XP (KB956844)
1/24/2010 Security Update for Windows XP (KB961501)
1/24/2010 Security Update for Windows XP (KB971633)
1/24/2010 Security Update for Windows XP (KB973869)
1/24/2010 Security Update for Windows XP (KB975025)
1/24/2010 Security Update for Windows XP (KB952004)
1/24/2010 Security Update for Windows XP (KB974571)
1/24/2010 Security Update for Windows XP (KB973507)
1/24/2010 Windows Malicious Software Removal Tool - January 2010 (KB890830)
1/24/2010 Update for Windows XP (KB973687)
1/24/2010 Security Update for Windows XP (KB958687)
1/24/2010 Security Update for Windows XP (KB973354)
1/24/2010 Security Update for Windows XP (KB973904)
1/24/2010 Update for Windows XP (KB967715)
1/24/2010 Security Update for Windows XP Service Pack 3 (KB973540)
1/24/2010 Security Update for Windows XP (KB974392)
1/24/2010 Security Update for Windows XP (KB954459)
1/24/2010 Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
1/24/2010 Security Update for Windows XP (KB951748)
1/24/2010 Security Update for Windows XP (KB973768)
1/24/2010 Security Update for Windows XP (KB970238)
1/24/2010 Security Update for Windows XP (KB971486)
1/24/2010 Security Update for Windows XP (KB960803)
1/24/2010 Security Update for Windows XP (KB973815)
1/24/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525)
1/24/2010 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
1/24/2010 Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
1/24/2010 Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
1/24/2010 Security Update for Windows XP (KB923561)
1/24/2010 Security Update for Jscript 5.7 for Windows XP (KB971961)
1/24/2010 Update for Windows XP (KB968389)
1/24/2010 Security Update for Windows XP (KB969947)
11/4/2009 Windows Update Agent 7.4.7600.226
12/20/2008 Windows XP Service Pack 3 (KB936929)
12/20/2008 Security Update for Windows XP (KB951376)
12/20/2008 Security Update for Windows XP (KB952954)
12/20/2008 Security Update for Windows XP (KB946648)
12/20/2008 Security Update for Windows XP (KB956803)
12/20/2008 Security Update for Windows XP Service Pack 2 (KB952069)
12/20/2008 Windows Internet Explorer 7 for Windows XP
12/20/2008 Update for Windows XP (KB955839)
12/20/2008 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
12/20/2008 Security Update for Windows XP (KB957095)
12/20/2008 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB958215)
12/20/2008 Windows Malicious Software Removal Tool - December 2008 (KB890830)
12/20/2008 Security Update for Windows XP (KB950974)
12/20/2008 Security Update for Windows XP (KB951698)
12/20/2008 Security Update for Windows XP (KB954211)
12/20/2008 Update for Windows XP Media Center Edition 2005 (KB926251)
12/20/2008 Security Update for Windows XP (KB956841)
12/20/2008 Security Update for Internet Explorer 6 for Windows XP (960714)
12/20/2008 Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)
12/20/2008 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
12/20/2008 Security Update for Windows XP (KB950762)
12/20/2008 Security Update for Windows XP (KB957097)
12/20/2008 Security Update for Windows XP with Windows Media Format Runtime 9.5 (KB923689)
12/20/2008 Update for Windows XP (KB952287)
12/20/2008 Security Update for Outlook Express for Windows XP (KB951066)
12/20/2008 Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB930494)
12/20/2008 Security Update for Windows XP (KB938464)
12/20/2008 Security Update for Windows XP (KB954600)
12/20/2008 Security Update for Windows XP (KB958644)
12/20/2008 Security Update for Windows XP (KB955069)
12/20/2008 Security Update for Windows XP (KB956802)
12/20/2008 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
12/20/2008 Security Update for Windows XP (KB944338)
12/20/2008 Security Update for Windows Media Player 10 for Windows XP (KB936782)
11/22/2008 Windows Update Agent 7.2.6001.788
8/28/2008 Windows Update Agent 7.2.6001.784
8/14/2006 Security Update for Outlook Express for Windows XP (KB920214)
8/14/2006 Security Update for Windows XP (KB921883)
8/14/2006 Security Update for Windows XP (KB922616)
8/14/2006 Security Update for Windows XP (KB921398)
8/14/2006 Windows Malicious Software Removal Tool - August 2006 (KB890830)
8/14/2006 Cumulative Security Update for Internet Explorer for Windows XP (KB918899)
8/14/2006 Security Update for Windows XP (KB920670)
8/14/2006 Security Update for Windows XP (KB917422)
8/14/2006 Security Update for Windows XP (KB920683)
7/16/2006 Security Update for Windows XP (KB917159)
7/16/2006 Security Update for Windows XP (KB914388)
7/16/2006 Update for Windows XP (KB916595)
7/16/2006 Windows Malicious Software Removal Tool - July 2006 (KB890830)
7/3/2006 Windows Genuine Advantage Notification (KB905474)
6/17/2006 Security Update for Windows Media Player 10 for Windows XP (KB917734)
6/17/2006 Windows Malicious Software Removal Tool - June 2006 (KB890830)
6/17/2006 Security Update for Windows XP (KB918439)
6/17/2006 Security Update for Windows XP (KB917344)
6/17/2006 Security Update for Windows XP (KB917953)
6/17/2006 Security Update for Windows XP (KB911280)
6/17/2006 Cumulative Security Update for Internet Explorer for Windows XP (KB916281)
6/17/2006 Security Update for Windows XP (KB914389)
5/11/2006 Windows Malicious Software Removal Tool - May 2006 (KB890830)
5/11/2006 Security Update for Windows XP (KB913580)
5/9/2006 Security Update for Windows XP (KB911562)
5/9/2006 Update for Windows XP (KB900485)
5/9/2006 Update Rollup KB908250 for Update Rollup 2 for Microsoft Windows XP Media Center Edition 2005
5/9/2006 Windows Malicious Software Removal Tool - April 2006 (KB890830)
5/9/2006 Update for Windows XP Media Center Edition 2005 (KB913800)
5/9/2006 Cumulative Security Update for Internet Explorer for Windows XP (KB912812)
5/9/2006 Security Update for Windows XP (KB908531)
5/9/2006 Security Update for Windows Media Player 10 for Windows XP (KB911565)
5/9/2006 Cumulative Security Update for Outlook Express for Windows XP (KB911567)
4/9/2006 Windows Malicious Software Removal Tool - March 2006 (KB890830)
4/9/2006 Update for Windows XP Media Center Edition 2005 (KB910393)
4/9/2006 Security Update for Windows XP (KB913446)
4/9/2006 Security Update for Windows XP (KB911927)
4/9/2006 Security Update for Windows Media Player 10 for Windows XP (KB911565)
4/9/2006 Update for Windows XP (KB910437)
4/9/2006 Security Update for Windows XP (KB900725)
4/9/2006 Security Update for Windows XP (KB905749)
4/9/2006 Security Update for Windows XP (KB905414)
4/9/2006 Security Update for Windows XP (KB901017)
4/9/2006 Security Update for Windows XP (KB899589)
4/9/2006 Security Update for Windows XP (KB902400)
4/9/2006 Microsoft GDI+ Detection Tool (KB873374)
4/9/2006 Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB886903)
4/9/2006 Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB887998)
4/9/2006 Update for Windows XP (KB894391)
4/9/2006 Security Update for Windows XP (KB899587)
4/9/2006 Security Update for Windows XP (KB893756)
4/9/2006 Security Update for Windows XP (KB890859)
4/9/2006 Security Update for Windows XP (KB896428)
4/9/2006 Security Update for Windows XP (KB890046)
4/9/2006 Update for Windows XP (KB887742)
4/9/2006 Security Update for Windows XP (KB888302)
4/9/2006 Security Update for Windows XP (KB885836)
4/9/2006 Critical Update for Windows XP (KB886185)
4/9/2006 Critical Update for Office XP on Windows XP Service Pack 2 (KB885884)
4/9/2006 Windows Genuine Advantage Validation Tool (KB892130)
4/9/2006 Update for Windows XP (KB898461)
Battery
AC line Online
Battery full time Unknown
Battery Charge % 0 %
Battery State Unknown status
Amount of time remaining (sec) Unknown
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running avast! Antivirus
Running Background Intelligent Transfer Service
Running COM+ Event System
Running COM+ System Application
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Help and Support
Running HTTP SSL
Running Intel® PROSet/Wireless Event Log
Running Intel® PROSet/Wireless Registry Service
Running Intel® PROSet/Wireless Service
Running Intel® PROSet/Wireless SSO Service
Running IPSEC Services
Running Java Quick Starter
Running Lavasoft Ad-Aware Service
Running Machine Debug Manager
Running Media Center Extender Resource Monitor
Running Media Center Extender Service
Running Media Center Receiver Service
Running Media Center Scheduler Service
Running Network Connections
Running Network Location Awareness (NLA)
Running NICCONFIGSVC
Running Plug and Play
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Remote Registry
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running Universal Plug and Play Device Host
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Media Connect Service
Running Windows Time
Running Windows User Mode Driver Framework
Running Workstation
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ClipBook
Stopped Computer Browser
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped Fast User Switching Compatibility
Stopped Fax
Stopped Google Software Updater
Stopped Google Update Service (gupdate1c98bfb1cf4c428)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management Service
Stopped Human Interface Device Access
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped MHN
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped QWAVE service
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Packet Capture Protocol v.0 (experimental)
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Smart Card
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Volume Shadow Copy
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Wired AutoConfig
Stopped Wireless Zero Configuration
Stopped WMI Performance Adapter
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
Genuine Intel® CPU T2400 @ 1.83GHz
Genuine Intel® CPU T2400 @ 1.83GHz
ACPI Thermal Zone
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
ACPI Lid
ACPI Power Button
ACPI Sleep Button
System board
PCI bus
Mobile Intel® 955XM/945GM/PM/GMS/940GML Express Processor to DRAM Controller – 27A0
Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D6
Intel® 82801G (ICH7 Family) SMBus Controller - 27DA
System board
System board
Mobile Intel® 945GM Express Chipset Family
Plug and Play Monitor
Plug and Play Monitor
Mobile Intel® 945GM Express Chipset Family
Plug and Play Monitor
Microsoft UAA Bus Driver for High Definition Audio
SigmaTel High Definition Audio CODEC
Conexant HDA D110 MDC V.92 Modem
Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D0
Intel® PRO/Wireless 3945ABG Network Connection
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C8
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C9
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CA
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CB
USB Root Hub
Intel® 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
USB Root Hub
Intel® 82801 PCI Bridge - 2448
Broadcom 440x 10/100 Integrated Controller
SDA Standard Compliant SD Host Controller
Ricoh MMC Host Controller
Ricoh Memory Stick Host Controller
Ricoh xD-Picture Card Host Controller
OHCI Compliant IEEE 1394 Host Controller
1394 Net Adapter
Intel® 82801GBM (ICH7-M) LPC Interface Controller - 27B9
ISAPNP Read Data Port
Synaptics PS/2 Port Pointing Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
System CMOS/real time clock
System timer
System speaker
System board
Programmable interrupt controller
Direct memory access controller
Numeric data processor
Intel® 82801GBM/GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4
Primary IDE Channel
TOSHIBA MK4032GSX
Secondary IDE Channel
PHILIPS CDRW/DVD SCB5265
CPU
Intel Core Duo T2400
Cores 2
Threads 2
Name Intel Core Duo T2400
Code Name Yonah
Package Socket 479 mPGA
Technology 65nm
Specification Genuine Intel® CPU T2400 @ 1.83GHz
Family 6
Extended Family 6
Model E
Extended Model E
Stepping 8
Revision C0
Instructions MMX, SSE, SSE2, SSE3
Virtualization Supported, Disabled
Hyperthreading Not supported
Bus Speed 166.3 MHz
Rated Bus Speed 665.1 MHz
Stock Core Speed 1833 MHz
Stock Bus Speed 166 MHz
Average Temperature 35 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2048 KBytes
Core 0
Core Speed 997.5 MHz
Multiplier x 6.0
Bus Speed 166.3 MHz
Rated Bus Speed 665.1 MHz
Temperature 34 °C
Thread 1
APIC ID 0
Core 1
Core Speed 997.5 MHz
Multiplier x 6.0
Bus Speed 166.3 MHz
Rated Bus Speed 665.1 MHz
Temperature 35 °C
Thread 1
APIC ID 1
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR2
Size 1024 MBytes
Channels # Dual
DRAM Frequency 266.0 MHz
CAS# Latency (CL) 4 clocks
RAS# to CAS# Delay (tRCD) 4 clocks
RAS# Precharge (tRP) 4 clocks
Cycle Time (tRAS) 12 clocks
Bank Cycle Time (tRC) 16 clocks
Physical Memory
Memory Usage 40 %
Total Physical MB
Available Physical 600 MB
Total Virtual 2.00 GB
Available Virtual 1.90 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 512 MBytes
Manufacturer Hyundai Electronics
Max Bandwidth PC2-4300 (266 MHz)
Part Number HYMP564S64BP6-C4
Serial Number 00003150
Week/year 12 / 06
SPD Ext. EPP
JEDEC #3
Frequency 266.7 MHz
CAS# Latency 5.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Slot #2
Type DDR2
Size 512 MBytes
Manufacturer Hyundai Electronics
Max Bandwidth PC2-4300 (266 MHz)
Part Number HYMP564S64BP6-C4
Serial Number 00007143
Week/year 12 / 06
SPD Ext. EPP
JEDEC #3
Frequency 266.7 MHz
CAS# Latency 5.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Motherboard
Manufacturer Dell Inc.
Model 0KD882
Chipset Vendor Intel
Chipset Model i945GM
Chipset Revision 03
Southbridge Vendor Intel
Southbridge Model 82801GHM (ICH7-M/U)
Southbridge Revision A1
System Temperature 38 °C
BIOS
Brand Dell Inc.
Version A03
Date 03/09/2006
PCI Data
Slot Unknown
Slot Type Unknown
Slot Usage Available
Data But Width 32 bit
Slot Designation PCMCIA 0
Slot Number 0
Graphics
Monitor
Name Plug and Play Monitor on Mobile Intel 945GM Express Chipset Family
Current Resolution 1680x1050 pixels
Work Resolution 1680x1016 pixels
State enabled, primary, output devices support
Monitor Width 1680
Monitor Height 1050
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Mobile Intel® 945GM Express Chipset Family
Memory 224 MB
Memory type 2
Driver version 6.14.10.4446
Mobile Intel® 945GM Express Chipset Family
Memory 224 MB
Memory type 2
Driver version 6.14.10.4446
Hard Drives
TOSHIBA MK4032GSX
Manufacturer TOSHIBA
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA/ATAPI-6
48-bit LBA Supported
Serial Number 26DG0814T
Interface SATA
Capacity 37.6GB
Real size 38,502,535,680 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 100 (096 worst) Data 0000000000
02 Throughput Performance 100 (100) Data 0000000000
03 Spin-Up Time 100 (100) Data 000000051C
04 Start/Stop Count 100 (100) Data 00000005B7
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 100 (100) Data 0000000000
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 094 (094) Data 0000000A4E
0A Spin Retry Count 129 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 000000055A
C0 Power-off Retract Count 100 (100) Data 0000000031
C1 Load/Unload Cycle Count 100 (100) Data 00000014BA
C2 Temperature 100 (100) Data 0000080025
C4 Reallocation Event Count 100 (100) Data 0000000000
C5 Current Pending Sector Count 100 (100) Data 0000000003
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000002
DC Disk Shift 100 (100) Data 000000008B
DE Loaded Hours 094 (094) Data 000000096D
DF Load/Unload Retry Count 100 (100) Data 0000000000
E0 Load Friction 100 (100) Data 0000000000
E2 Load 'In'-time 100 (100) Data 00000000E2
F0 Head Flying Hours 100 (100) Data 0000000000
Temperature 37 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 39.1 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number 8845219D
Size 31.2GB
Used Space 30.6GB (99%)
Free Space 557MB (1%)
Partition 2
Partition ID Disk #0, Partition #2
Size 4.64 GB
Optical Drives
PHILIPS CDRW/DVD SCB5265
Media Type CD-ROM
Name PHILIPS CDRW/DVD SCB5265
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Card
SigmaTel High Definition Audio CODEC
Playback Device
SigmaTel Audio
Recording Device
SigmaTel Audio
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.2709
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port Pointing Device
Device Kind Mouse
Device Name Synaptics PS/2 Port Pointing Device
Location plugged into PS/2 mouse port
Driver
Date 11-29-2005
Version 8.2.4.3
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\SynTP.sys
File C:\WINDOWS\system32\SynTPAPI.dll
File C:\WINDOWS\system32\SynTPFcs.dll
File C:\WINDOWS\system32\SynCOM.dll
File C:\WINDOWS\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\WINDOWS\system32\SynTPCo2.dll
Network
You are not connected to the internet
Computer Name
NetBIOS Name TIGER2
DNS Name tiger2
Domain Name TIGER2
Remote Desktop
Console
State Active
Domain TIGER2
WinInet Info
An internal error occurred.
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect Yes
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Network Shares
No network shares
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Speccy log indicates a nice cool laptop which is good.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall:
Ad-Aware *Good program just don't want to worry about it right now.
Adobe Reader 9.4.0 *obsolete. Should be Adobe 10. Get the latest at Adobe.com
BitTorrent 6.0 *P2P
DNA *P2P
Facebook Plug-In *Questionable
Google Update Helper *Sometimes causes problems
Java™ 6 Update 22 *obsolete. Should be 6 update 27 Get the latest Java at: http://www.java.com/en/ Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Media Center Extender *Throwing errors in your logs
Search Assist *Garbage
URL Assistant *Garbage
µTorrent *P2P
Wireshark 0.99.6a *Good program just don't want to worry about it right now.
WinPcap 4.0.1 *Good program just don't want to worry about it right now.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\gtb.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Program Files\Google\Update
     
:Commands
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt If it found something please copy and paste the log.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. (Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted)

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Feel free to use multiple replies for your logs. The forum may choke if the logs are too big.

Ron

PS. Going on a trip on Monday which is why I am giving you so much to do. May not have Internet connections each night so replies may be delayed. Should be back Thursday or Friday.
  • 0
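An added example, not part of the post above and not OTL's own code: a small checker for the "Verify that you got it all" step. It confirms that a pasted fix script still has its four sections and the closing [Reboot] directive, and lists the `:OTL` entries that already report "File not found". The section names and line shapes are taken from the script in the post; the function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the fix script from the post above.
SAMPLE_FIX = r"""
:processes
killallprocesses

:OTL
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\gtb.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found

:files
C:\Program Files\Google\Update

:Commands
[purity]
[Reboot]
"""

# Sections used by the script in the post, in lower case for comparison.
EXPECTED_SECTIONS = ("processes", "otl", "files", "commands")

SECTION_RE = re.compile(r"^:(\w+)\s*$")
# "O4 - HKLM..\Run: [ECenter] ..." -> code "O4", kind "HKLM..\Run", rest
ENTRY_RE = re.compile(r"^(O\d+) - (.+?): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix(text):
    """Split a pasted fix script into {section name: [non-empty lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def otl_entries(sections):
    """Describe each O-numbered line found in the :OTL section."""
    entries = []
    for line in sections.get("otl", []):
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, kind, rest = match.groups()
        clsid = CLSID_RE.search(rest)
        entries.append({
            "code": code,
            "kind": kind,
            "clsid": clsid.group(0) if clsid else None,
            # The scan already marked the target file as missing.
            "orphan": rest.rstrip().endswith("File not found"),
        })
    return entries


def missing_parts(sections):
    """Return a list of problems that suggest the paste was cut short."""
    problems = [f"missing section :{name}"
                for name in EXPECTED_SECTIONS if name not in sections]
    commands = [line.lower() for line in sections.get("commands", [])]
    if "[reboot]" not in commands:
        problems.append("no [Reboot] directive")
    return problems


if __name__ == "__main__":
    parsed = parse_fix(SAMPLE_FIX)
    print("problems:", missing_parts(parsed) or "none")
    for entry in otl_entries(parsed):
        print(entry)
```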

#7
Henry77

    Member

  • Topic Starter
  • Member
  • 58 posts
Just about done. Here is the OTL log after the custom fix was run.

======================================================================

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
c:\Program Files\BAE\BAE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
c:\Program Files\Google\GoogleToolbar2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ECenter deleted successfully.
c:\dell\E-Center\GTB.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShowLOMControl deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Hank\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Hank\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Hank\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Hank\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Hank\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Hank\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Hank\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Hank\Desktop\cmd.txt deleted successfully.
C:\Program Files\Google\Update\Install folder moved successfully.
C:\Program Files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB} folder moved successfully.
C:\Program Files\Google\Update\Download\{56DF6CCF-1D96-4A52-86AF-AC5032F017D0} folder moved successfully.
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.65 folder moved successfully.
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
C:\Program Files\Google\Update\Download folder moved successfully.
C:\Program Files\Google\Update\1.3.21.65 folder moved successfully.
C:\Program Files\Google\Update folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.28.0 log created on 09202011_122458

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8
Henry77

-Nothing found on the Avast scan. If it matters, I haven't been able to update the virus database since this started.

-Signature Verification Results only found "omci.sys" in the win/sys32 folder. Modified 2/13/2004, version 7.1.382.0

...currently running the disk check...

#9
RKinner

When you finish with the other stuff try manually updating avast:

http://www.avast.com/download-update

#10
Henry77

Vino's Event Viewer v01c run on Windows XP in English
Report run at 21/09/2011 8:22:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/09/2011 11:16:10 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate1c98bfb1cf4c428) service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=======================================================

Vino's Event Viewer v01c run on Windows XP in English
Report run at 21/09/2011 8:23:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/09/2011 8:03:34 AM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


===================================================


#11
Henry77

COMBO FIX LOG

===============================

ComboFix 11-09-21.02 - Hank 09/21/2011 8:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.515 [GMT -7:00]
Running from: c:\documents and settings\Hank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\003.exe.7aaf0750.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\003.exe.8e6ed58.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\003.exe.c50f9cd6.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\03.exe.eae09692.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\210.exe.6a43e352.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\caspol.exe.f62feae4.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\devenv.exe.6262e30a.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\DvcConn.exe.798476b.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\DvcSetup.exe.19dbfe79.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\DvcSetup.exe.5daa46d9.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\DvcSetup.exe.654bc716.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\DvcSetup.exe.7c441e7d.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini.inuse
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Ex0301.exe.14d081ac.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Ex0301.exe.5974d099.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Ex0303.exe.b7f2272c.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Ex0304.exe.8982f9ec.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\EX0310.exe.a8a38c2c.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Ex0404.exe.8bed72d.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Ex0506.exe.b6438979.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ex2.10.exe.3b6c1cd2.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exam2.exe.13ee432f.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Example23.exe.8b9a264a.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Example23.exe.a56c363d.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Example23.exe.f2e4ca42.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Example24.exe.1d1020bf.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise 2.1.exe.b1f5d512.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise 2.3.exe.f6e5d92.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise2.2.exe.61992cac.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise2.3.exe.1fad66ae.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise2.6.exe.5039bdd8.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise2.6.exe.59ea14b4.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Exercise2.7.exe.17fe4eb6.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\MyProject1.exe.2a42ba52.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Prog_prob3.exe.c98762fa.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\progprob_1.exe.9f9bd038.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\ProgrammingProblem2.exe.ea4ef01a.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\Project 5 (Rev).exe.756c595a.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\SL139.tmp.4640f769.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\SL33D.tmp.5b4ac996.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\Hank\Local Settings\Application Data\ApplicationHistory\WindowsApplication1.exe.deea9738.ini
c:\windows\ehd_msi.log
c:\windows\kb913800.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 04:35 . 2001-08-17 21:56 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-09-21 04:35 . 2001-08-17 19:49 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys
2011-09-21 04:35 . 2001-08-17 21:56 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2011-09-21 04:35 . 2001-08-17 19:15 454912 ----a-w- c:\windows\system32\dllcache\fxusbase.sys
2011-09-21 04:33 . 2001-08-17 20:28 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys
2011-09-21 04:32 . 2001-08-17 19:12 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys
2011-09-21 04:31 . 2001-08-18 05:36 27136 ----a-w- c:\windows\system32\dllcache\cyzcoins.dll
2011-09-21 04:30 . 2004-08-10 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2011-09-21 04:29 . 2001-08-17 20:47 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-09-21 04:28 . 2004-08-10 10:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2011-09-21 04:28 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-09-21 04:28 . 2004-08-10 10:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-09-21 04:28 . 2004-08-10 10:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-09-21 04:28 . 2004-08-10 10:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-09-21 04:28 . 2004-08-10 10:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-09-21 04:28 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-09-21 04:28 . 2004-08-10 10:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-09-20 19:24 . 2011-09-20 19:24 -------- d-----w- C:\_OTL
2011-09-18 21:46 . 2011-09-18 21:46 -------- d-----w- c:\program files\Speccy
2011-08-30 03:24 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 03:24 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 03:03 . 2011-08-30 03:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 23:19 . 2011-07-22 23:19 1409 ----a-w- c:\windows\QTFont.for
2011-06-26 21:54 . 2011-06-15 03:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-03 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-9 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-2 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=sysaudio.sys
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Hank\\Desktop\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1626:TCP"= 1626:TCP:Game
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2010 8:32 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2010 8:32 PM 17744]
S2 gupdate1c98bfb1cf4c428;Google Update Service (gupdate1c98bfb1cf4c428);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
FF - ProfilePath - c:\documents and settings\Hank\Application Data\Mozilla\Firefox\Profiles\x4wz7dvz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 08:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Connect 2\wmccds.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-09-21 08:46:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-21 15:46
.
Pre-Run: 567,443,456 bytes free
Post-Run: 565,612,544 bytes free
.
- - End Of File - - CFFAF7B887FA2C4DD4AC2D843A60CCD9

#12
Henry77

TDSS Killer Log

========================

2011/09/21 17:24:34.0250 3836 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/21 17:24:34.0500 3836 ================================================================================
2011/09/21 17:24:34.0500 3836 SystemInfo:
2011/09/21 17:24:34.0500 3836
2011/09/21 17:24:34.0500 3836 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/21 17:24:34.0500 3836 Product type: Workstation
2011/09/21 17:24:34.0500 3836 ComputerName: TIGER2
2011/09/21 17:24:34.0500 3836 UserName: Hank
2011/09/21 17:24:34.0500 3836 Windows directory: C:\WINDOWS
2011/09/21 17:24:34.0500 3836 System windows directory: C:\WINDOWS
2011/09/21 17:24:34.0500 3836 Processor architecture: Intel x86
2011/09/21 17:24:34.0500 3836 Number of processors: 2
2011/09/21 17:24:34.0500 3836 Page size: 0x1000
2011/09/21 17:24:34.0500 3836 Boot type: Normal boot
2011/09/21 17:24:34.0500 3836 ================================================================================
2011/09/21 17:24:36.0359 3836 Initialize success
2011/09/21 17:24:42.0093 3152 ================================================================================
2011/09/21 17:24:42.0093 3152 Scan started
2011/09/21 17:24:42.0093 3152 Mode: Manual;
2011/09/21 17:24:42.0093 3152 ================================================================================
2011/09/21 17:24:49.0312 3152 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/21 17:24:49.0328 3152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/21 17:24:49.0375 3152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/21 17:24:49.0500 3152 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/21 17:24:49.0578 3152 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/09/21 17:24:49.0609 3152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/21 17:24:49.0656 3152 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/09/21 17:24:49.0750 3152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/21 17:24:49.0781 3152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/21 17:24:49.0906 3152 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/21 17:24:50.0062 3152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/21 17:24:50.0093 3152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/21 17:24:50.0156 3152 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/21 17:24:50.0203 3152 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/09/21 17:24:50.0250 3152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/21 17:24:50.0265 3152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/21 17:24:50.0312 3152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/21 17:24:50.0328 3152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/21 17:24:50.0390 3152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/21 17:24:50.0421 3152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/21 17:24:50.0578 3152 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/21 17:24:50.0703 3152 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/21 17:24:50.0765 3152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/21 17:24:50.0796 3152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/21 17:24:50.0843 3152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/21 17:24:50.0875 3152 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/21 17:24:50.0906 3152 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/21 17:24:50.0937 3152 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/21 17:24:50.0953 3152 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/21 17:24:51.0015 3152 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/21 17:24:51.0062 3152 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/21 17:24:51.0171 3152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/21 17:24:51.0218 3152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/21 17:24:51.0281 3152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/21 17:24:51.0312 3152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/21 17:24:51.0343 3152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/21 17:24:51.0375 3152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/21 17:24:51.0421 3152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/21 17:24:51.0468 3152 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/21 17:24:51.0500 3152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/21 17:24:51.0593 3152 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/09/21 17:24:51.0687 3152 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/09/21 17:24:51.0734 3152 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/09/21 17:24:51.0828 3152 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/09/21 17:24:51.0875 3152 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/21 17:24:51.0921 3152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/21 17:24:51.0968 3152 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/21 17:24:52.0000 3152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/21 17:24:52.0031 3152 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/09/21 17:24:52.0109 3152 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/09/21 17:24:52.0203 3152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/21 17:24:52.0312 3152 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/21 17:24:52.0359 3152 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/21 17:24:52.0390 3152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/21 17:24:52.0437 3152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/21 17:24:52.0515 3152 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/21 17:24:52.0562 3152 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/09/21 17:24:52.0593 3152 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/09/21 17:24:52.0687 3152 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/21 17:24:52.0828 3152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/21 17:24:52.0859 3152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/21 17:24:52.0921 3152 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/21 17:24:52.0937 3152 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/21 17:24:52.0968 3152 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/21 17:24:52.0984 3152 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/21 17:24:53.0078 3152 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/09/21 17:24:53.0125 3152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/21 17:24:53.0218 3152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/21 17:24:53.0343 3152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/21 17:24:53.0375 3152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/21 17:24:53.0406 3152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/21 17:24:53.0468 3152 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/09/21 17:24:53.0500 3152 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/09/21 17:24:53.0531 3152 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/09/21 17:24:53.0562 3152 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/09/21 17:24:53.0578 3152 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/09/21 17:24:53.0625 3152 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/09/21 17:24:53.0640 3152 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/09/21 17:24:53.0718 3152 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/09/21 17:24:53.0734 3152 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/09/21 17:24:53.0812 3152 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/21 17:24:53.0875 3152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/21 17:24:53.0921 3152 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/21 17:24:54.0000 3152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/21 17:24:54.0062 3152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/21 17:24:54.0078 3152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/21 17:24:54.0125 3152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/21 17:24:54.0156 3152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/21 17:24:54.0234 3152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/21 17:24:54.0296 3152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/21 17:24:54.0359 3152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/21 17:24:54.0421 3152 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/21 17:24:54.0453 3152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/21 17:24:54.0562 3152 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/09/21 17:24:54.0734 3152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/21 17:24:54.0828 3152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/21 17:24:54.0921 3152 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/21 17:24:55.0062 3152 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/21 17:24:55.0093 3152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/21 17:24:55.0171 3152 MBR (0x1B8) (823ca895571a1d99983f2953dc6838e7) \Device\Harddisk0\DR0
2011/09/21 17:24:55.0187 3152 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR8
2011/09/21 17:24:55.0218 3152 Boot (0x1200) (c5cf54b428ad12f86270ba43fd4a0935) \Device\Harddisk0\DR0\Partition0
2011/09/21 17:24:55.0234 3152 Boot (0x1200) (f75a4891f21beda52589b1e628ef916b) \Device\Harddisk1\DR8\Partition0
2011/09/21 17:24:55.0234 3152 ================================================================================
2011/09/21 17:24:55.0234 3152 Scan finished
2011/09/21 17:24:55.0234 3152 ================================================================================
2011/09/21 17:24:55.0265 3248 Detected object count: 0
2011/09/21 17:24:55.0265 3248 Actual detected object count: 0

#13
Henry77

aswMBR Log

========================

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-21 17:25:53
-----------------------------
17:25:53.984 OS Version: Windows 5.1.2600 Service Pack 3
17:25:53.984 Number of processors: 2 586 0xE08
17:25:53.984 ComputerName: TIGER2 UserName: Hank
17:25:54.812 Initialize success
17:25:55.312 AVAST engine defs: 11081701
17:26:58.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:26:58.937 Disk 0 Vendor: TOSHIBA_MK4032GSX AS212D Size: 36718MB BusType: 3
17:27:00.984 Disk 0 MBR read successfully
17:27:00.984 Disk 0 MBR scan
17:27:00.984 Disk 0 unknown MBR code
17:27:00.984 Disk 0 scanning sectors +75184200
17:27:01.093 Disk 0 scanning C:\WINDOWS\system32\drivers
17:27:10.718 Service scanning
17:27:12.250 Modules scanning
17:27:17.609 Scan finished successfully
17:27:36.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hank\Desktop\MBR.dat"
17:27:36.218 The log file has been saved successfully to "C:\Documents and Settings\Hank\Desktop\aswMBR.txt"

#14
RKinner

Is it still freezing?

Ron

#15
Henry77

No. Everything appears to be working normally.

What could you tell was the problem? I tried fixing this for a few weeks and could not figure it out.

Thanks!