[RKinner]

FixMBR is always enabled. Fix button only gets enabled when there is something it can fix.

What make and model PC is this?

Going off island in an hour or so. Won't be back until late tonight.

Ron

[Advertisements]

Reran it, it worked!

Results:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 21:44:22
-----------------------------
21:44:22.250 OS Version: Windows 5.1.2600 Service Pack 3
21:44:22.250 Number of processors: 2 586 0x604
21:44:22.250 ComputerName: DELL-F0B9E0AF3C UserName: Dell User
21:44:23.968 Initialize success
21:44:54.250 AVAST engine defs: 12012800
21:44:57.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:44:57.000 Disk 0 Vendor: WDC_WD5000AVVS-63M8B0 01.00A01 Size: 476940MB BusType: 3
21:44:57.015 Disk 0 MBR read successfully
21:44:57.015 Disk 0 MBR scan
21:44:57.015 Disk 0 Windows XP default MBR code
21:44:57.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
21:44:57.046 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400652 MB offset 156232125
21:44:57.062 Disk 0 scanning sectors +976768065
21:44:57.156 Disk 0 scanning C:\WINDOWS\system32\drivers
21:45:11.812 Service scanning
21:45:14.234 Modules scanning
21:45:25.484 AVAST engine scan C:\WINDOWS
21:45:45.968 AVAST engine scan C:\WINDOWS\system32
21:53:20.796 AVAST engine scan C:\WINDOWS\system32\drivers
21:53:39.296 AVAST engine scan C:\Documents and Settings\Dell User
22:03:49.812 AVAST engine scan C:\Documents and Settings\All Users
22:05:00.015 Scan finished successfully
22:05:45.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dell User\Desktop\Computer Fix Jan 2012\MBR.dat"
22:05:45.234 The log file has been saved successfully to "C:\Documents and Settings\Dell User\Desktop\Computer Fix Jan 2012\aswMBR-finally clean.txt"

My computer: Dell Inc.

OptiPlex GX620
Service Tag 8PSDX81
Express Service Code 18973591921
Processor Intel® Pentium® D CPU 3.40GHz
Processor Speed 3.31 GHz
Memory (RAM) 3584 MB
Operating System Microsoft Windows XP Professional
Operating System Version 5.1.2600

I checked G drive -- no huge number of new files as is true on C drive. Continuing with rest of directions. Hope you enjoyed your time off the island.

Edited by ToniB, 28 January 2012 - 09:27 PM.

[ToniB]

Reran it, it worked!

Results:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 21:44:22
-----------------------------
21:44:22.250 OS Version: Windows 5.1.2600 Service Pack 3
21:44:22.250 Number of processors: 2 586 0x604
21:44:22.250 ComputerName: DELL-F0B9E0AF3C UserName: Dell User
21:44:23.968 Initialize success
21:44:54.250 AVAST engine defs: 12012800
21:44:57.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:44:57.000 Disk 0 Vendor: WDC_WD5000AVVS-63M8B0 01.00A01 Size: 476940MB BusType: 3
21:44:57.015 Disk 0 MBR read successfully
21:44:57.015 Disk 0 MBR scan
21:44:57.015 Disk 0 Windows XP default MBR code
21:44:57.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
21:44:57.046 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400652 MB offset 156232125
21:44:57.062 Disk 0 scanning sectors +976768065
21:44:57.156 Disk 0 scanning C:\WINDOWS\system32\drivers
21:45:11.812 Service scanning
21:45:14.234 Modules scanning
21:45:25.484 AVAST engine scan C:\WINDOWS
21:45:45.968 AVAST engine scan C:\WINDOWS\system32
21:53:20.796 AVAST engine scan C:\WINDOWS\system32\drivers
21:53:39.296 AVAST engine scan C:\Documents and Settings\Dell User
22:03:49.812 AVAST engine scan C:\Documents and Settings\All Users
22:05:00.015 Scan finished successfully
22:05:45.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dell User\Desktop\Computer Fix Jan 2012\MBR.dat"
22:05:45.234 The log file has been saved successfully to "C:\Documents and Settings\Dell User\Desktop\Computer Fix Jan 2012\aswMBR-finally clean.txt"

My computer: Dell Inc.

OptiPlex GX620
Service Tag 8PSDX81
Express Service Code 18973591921
Processor Intel® Pentium® D CPU 3.40GHz
Processor Speed 3.31 GHz
Memory (RAM) 3584 MB
Operating System Microsoft Windows XP Professional
Operating System Version 5.1.2600

I checked G drive -- no huge number of new files as is true on C drive. Continuing with rest of directions. Hope you enjoyed your time off the island.

Edited by ToniB, 28 January 2012 - 09:27 PM.

[ToniB]

In the middle of following your instructions...

There's still a Java™ 6 Update 30. Leave or uninstall?

Also, you wrote:

" Adobe Reader 9.5.0 - Old adobe files are dangerous. Get the latest at adobe.com (Uncheck any foistware such as the McAfee Security Scan or the Yahoo toolbar before downloading.)
Adobe Flash Player 10 Plugin - Old adobe files are dangerous. Get the latest at adobe.com (use Firefox for the Plugin.)"

1) I have Adobe Flash Player 11 ActiveX. Ok to leave that?
2) What do you mean by use Firefox for the Plugin?
3) Do I do these updates now or after I complete the rest of the steps?

Edited by ToniB, 28 January 2012 - 09:27 PM.

[RKinner]

Your aswMBR looks clean now. Did you run the Combofix script yet?

Java™ 6 Update 30 is the latest so it can stay. Java currently has two parallel numbering systems. If you go to their site you get Java™ 6 Update 30. If you let something like Filehippo's update checker get your Java then you get Java™ 7 Update 2. No idea why. Java has a rather vague explanation on their site which sort of implies that the 7 series is beta.

1) I have Adobe Flash Player 11 ActiveX. Ok to leave that?
That's the current series tho there may be a fraction like 11.5 or something. You can check. They are supposed to update automatically. The ActiveX version is only used with IE so if you go to adobe.com with IE and download the latest flash you will get the ActiveX version.

2) What do you mean by use Firefox for the Plugin? The Plugin version of Flash is used with browsers other than IE so if you use Firefox to get the latest flash then you will get the latest plugin version.

3) Do I do these updates now or after I complete the rest of the steps? Up to you but unless you need them for something you can wait until we are done.

How are you doing reclaiming your hard drive?

[ToniB]

running combofix now (was out this am). It wanted to update to new version when it started & I let it -- hope that wasn't a problem. Computer is still freezing on every other start; last time the keyboard wouldn't work but after restart it's functioning again. Computer running pretty slow. Will post when done.

Haven't done anything to reclaim hardrive. Didn't want to until virus-free; also not sure how to best proceed. Got any suggestions? (still haven't determined what the 120 GB on G are from other than not showing on search as new files.)

[ToniB]

Combofix log below. One other thing is consistently strange although not sure it means anything -- every time I get onto IE (8) I have to tell it 3 times that I understand it's a secure site and that what I post won't be seen on the web even though I have the "don't tell me about this again" box checked.

Presume it's ok to let ad-aware update now?

ComboFix 12-01-29.02 - Dell User 01/29/2012 15:24:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2845 [GMT -5:00]
Running from: c:\documents and settings\Dell User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell User\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
FILE ::
"c:\documents and settings\DELL USER\RECENT\DOWNLOADS (4).LNK"
"c:\documents and settings\DELL USER\RECENT\DOWNLOADS(4).LNK"
"c:\windows\system32\drivers\22db.sys"
"c:\windows\system32\drivers\xcpip.sys"
"c:\windows\system32\drivers\xpsec.sys"
"c:\windows\system32\drivers\ykjissq.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DELL USER\RECENT\DOWNLOADS (4).LNK
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_22DB.SYS
-------\Service_22db.sys
-------\Service_uhiw
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-26 23:32 . 2012-01-26 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2012-01-26 23:32 . 2012-01-26 23:32 -------- d-----w- c:\program files\Autorun Eater
2012-01-26 03:23 . 2012-01-26 03:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-26 03:22 . 2012-01-26 03:22 -------- d-----w- c:\program files\AVG
2012-01-26 03:17 . 2012-01-27 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-26 00:30 . 2012-01-26 00:30 -------- d-----w- c:\program files\ESET
2012-01-19 21:10 . 2012-01-24 00:56 -------- d-----w- c:\documents and settings\Dell User\Application Data\ElevatedDiagnostics
2012-01-04 04:14 . 2012-01-04 04:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 13:18 . 2008-04-13 23:00 26112 ----a-w- c:\windows\system32\userinit.exe
2011-11-25 21:57 . 2008-04-13 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-13 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-13 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-13 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 10:54 . 2011-02-08 15:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 08:27 . 2011-02-08 15:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-13 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-13 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-13 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-13 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-27_20.11.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-29 20:37 . 2012-01-29 20:37 16384 c:\windows\temp\Perflib_Perfdata_6e0.dat
+ 2010-08-08 01:16 . 2012-01-28 03:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-08 01:16 . 2012-01-26 00:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-08 01:16 . 2012-01-28 03:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-08-08 01:16 . 2012-01-26 00:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-28 03:25 . 2012-01-28 03:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-08-08 01:16 . 2012-01-26 00:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-23 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-23 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-23 377248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Dell User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Dell User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/25/2011 9:23 PM 64512]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/7/2010 8:46 PM 902592]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [7/22/2011 10:10 PM 21992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 11:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 11:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 11:32 AM 482304]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/13/2008 6:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 02:25]
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1275210071-1177238915-1003Core.job
- c:\documents and settings\Dell User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 18:13]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1275210071-1177238915-1003UA.job
- c:\documents and settings\Dell User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 18:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://autos.aol.com/article/the-time-to-buy-snow-tires-was-yesterday/?icid=maing-grid7%7Cmain5%7Cdl8%7Csec1_lnk3%7C115222
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
Trusted Zone: richdadworld.com\www
Trusted Zone: toptenreviews.com\internet-browser-review
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 15:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Autorun Eater\billy.exe
.
**************************************************************************
.
Completion time: 2012-01-29 15:48:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 20:48
ComboFix2.txt 2012-01-27 20:13
.
Pre-Run: 1,378,168,832 bytes free
Post-Run: 1,448,972,288 bytes free
.
- - End Of File - - 731453D4BD28BFFF5A0B78939877DF8E

Edited by ToniB, 29 January 2012 - 03:07 PM.

[ToniB]

after restarting to begin checkdisk section the keyboard didn't work again so had to abort before eventvwr step. Tried to redo previous steps to "undo" the error-checking on restart but it didn't work so running the checkdisk now. I presume I can not let it make any changes & then go back to let it run the way it was supposed to?

Please let me know if there is anything I should do differently. This keyboard & sound malfunction is very new. Might there be something still lurking in the background?

[RKinner]

Let Check disk do its thing. Then try to do the other steps.

If this is the ad-aware that is also an anti-virus then don't let it do a scan as it will probably remove our tools.

[ToniB]

Let it run as you suggested. After 6 hours, check disk (ONLY C drive) procedure is only ~ 65% done. Hoping this isn't a going to be a major problem before it's done.
Any suggestions?

Wasn't able to disable Ad-aware as it was already into check disk process. It hasn't bothered the "tool programs" yet though.

Edited by ToniB, 29 January 2012 - 10:19 PM.

[RKinner]

Might as well let it finish. With a small drive like yours it shouldn't take so long but apparently whatever is slowing it down is still dragging it down. Could it be running hot?

When it finishes try speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. (at least it works for most newer PCs. Real old ones didn't have the sensors.) Under 40 C is normal for a desktop. Under 50 C for a laptop. Dust is the usual culprit tho a failing CPU fan can also be a fault.

[ToniB]

Will do (but it doesn't seem to be hot). I still think some bug is having a good time in there -- seems to literally be a pattern -- keyboard is disabled then keyboard & mouse, then boh work again.

Going further with your instructions.

[ToniB]

< 25 degrees C

[RKinner]

Don't think I've ever seen one that cool before. Did you just turn it on?

What kind of PC ( desktop or laptop, make and model) is this and are you using anything odd like a wireless mouse or keyboard?

I would still like to see the VEW logs after clearing out the logs and rebooting. You had an ominous error before:

The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

If this remains it can explain your slow performance.

[ToniB]

Here's the info on the computer -- sorry didn't post it in an easy way to see...

My computer: Dell Inc.

OptiPlex GX620
Service Tag 8PSDX81
Express Service Code 18973591921
Processor Intel® Pentium® D CPU 3.40GHz
Processor Speed 3.31 GHz
Memory (RAM) 3584 MB
Operating System Microsoft Windows XP Professional
Operating System Version 5.1.2600


It's a desktop.

It had been sitting running but idle. (I'm only doing your suggested steps on that one, communicating mostly from my laptop. When I last saw (before started Diskcheck with log this time) it was at 26 C. It's currently (after about an hour) at 35% of step 4 of 5 on chkdsk.

How do I show you the VEW logs? Nothing wireless on that one.

Edited by ToniB, 30 January 2012 - 12:46 PM.

[RKinner]

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

If you need to move the files to your laptop you can use a USB drive or if they are on the same network and you know how you can put the files in a Shared drive and map a network drive.