Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE8 & Safari VERY slow, computer lags, freezes


  • Please log in to reply

#31
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Sorry you had to repost those last directions -- I had them but didn't realize what you were referring to.

2nd chkdsk also took about 6 - 7 hours. Have long log but not sure what any of it means. Assume VEW logs give you the info you need -- if you need me to post something else from there, please let me know.

Temp is still 26 - 27 degrees C. C: drive is still full, not sure how to proceed, wanted to wait on these results though so nothing gets reinfected.

from sigverif -- 3600 files found, 2366 signed, 5 unsigned, 1229 not scanned. Of the 5 that were unsigned, the latest modification was 6/6/11. All unsigned 5 files were in the [c:\windows\system32\spool\drivers\w32x86\3]

dopdf7.chm 5/26/2011 None Not Signed N/A
dopdf7.clg 6/6/2011 None Not Signed N/A
dopdf7.ctm 11/25/2010 None Not Signed N/A
dopdf7_de.lng 3/2/2011 None Not Signed N/A
dopdf7_en.lng 2/22/2011 None Not Signed N/A


VEW System Log
Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/01/2012 9:13:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/01/2012 8:54:12 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 30/01/2012 7:54:08 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.


VEW Application Log
Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/01/2012 9:14:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

Advertisements


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I think we are pretty much finished with malware but you can run ESET's online scan:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Ron
  • 0

#33
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
About 1/4 of the way through ESET scan, going a lot slower than last time, probably because of the full hard drive. Wanted to ask because it's getting late here on the east coast.

So far it found 2 infections -- both variants of Win32/InstallCore.D Should I let it fix it when it's done (assuming I'm asked)? Anything else I should do differently from the last instructions in light of the computer still being infected?

Thanks!
  • 0

#34
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
That's all it found. Wasn't quarantined. They are from CNET download. (new) I was typing your responses fast & wanted to check the spelling -- the site spellcheck led me to cnet download & I trusted the "virus free". Presume just deleting the temp files won't do it since I already ran the program.

Will continue with rest of instructions & see what happens unless I hear back from you.

Edited by ToniB, 31 January 2012 - 07:04 AM.

  • 0

#35
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Think this was the first ESET file you were talking about...
C:\Documents and Settings\Dell User\Local Settings\temp\ICReinstall\cnet2_ieSpellSetup264573_exe[1].exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\QS777EFZ\cnet2_ieSpellSetup264573_exe[1].exe a variant of Win32/InstallCore.D application

( I didn't have "FIX" enabled on ESET as it seemed like the instructions just wanted the log. SHould I re-run with "fix"?

From ESET log -- looks like it has both the last 2 logs... (The first was before I contacted you, which I mentioned in the "What I had done so far" list.

[email protected] as downloader log:
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=791fc5258d76b3458574aee6165fd311
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-26 02:46:02
# local_time=2012-01-25 09:46:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=317993
# found=12
# cleaned=12
# scan_time=7754
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\10\7c88068a-7f747bf6 Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\19\aa89693-32e841fe a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\30\2c7c219e-3037f78f probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\35\2b29fca3-356fe9bb a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\44\38e63bec-31cfb073 Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\51\4c81ed73-729cec1b probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Application Data\Sun\Java\Deployment\cache\6.0\56\5ad4b738-42d49cdd Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001002 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dell User\My Documents\Downloads\cnet_winutilitiesfree_install_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Qoobox\Seagate Backup\All-newest 1-28-11\Dec2010DesktopAllexceptEigeneDateien\Every Stupid [bleep] Thing on The Desktop\media.player.codec.pack.v3.9.4.setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Qoobox\Seagate Backup\CHAPMAN-03\C\Gemeinsame Dateien\Dokumente und Einstellungen\The Family\Desktop\Every Stupid [bleep] Thing on The Desktop\media.player.codec.pack.v3.9.4.setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Qoobox\Seagate Backup\CHAPMAN-03\History\Level2\C with LOTS of MUSIC\Dokumente und Einstellungen\The Family\Desktop\media.player.codec.pack.v3.9.4.setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=791fc5258d76b3458574aee6165fd311
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 07:38:10
# local_time=2012-01-31 02:38:10 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 359419 359419 0 0
# scanned=270469
# found=2
# cleaned=0
# scan_time=15427
C:\Documents and Settings\Dell User\Local Settings\temp\ICReinstall\cnet2_ieSpellSetup264573_exe[1].exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\QS777EFZ\cnet2_ieSpellSetup264573_exe[1].exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I


From Bit defender...

QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Tue Jan 31 09:32:14 2012
Machine ID: BC6CA126



No infection found.
-------------------



Processes
---------
Acronis Scheduler 2 1528 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
Acronis True Image 3140 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
Acronis True Image 3132 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
Ad-Aware Service Application 1312 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
Ad-Aware Tray Application 3460 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Billy The Goat 3552 C:\Program Files\Autorun Eater\billy.exe
Bonjour 1592 C:\Program Files\Bonjour\mDNSResponder.exe
Cyberlink PowerDVD 3272 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
DivX Update 3340 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
GrooveMonitor Utility 3280 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Intel® Common User Interface 1668 C:\WINDOWS\system32\hkcmd.exe
Java™ Platform SE 6 U30 1772 C:\Program Files\Java\jre6\bin\jqs.exe
Microsoft Office OneNote 3704 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft® Windows® Operating System 3632 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Microsoft® Windows® Operating System 1708 C:\WINDOWS\system32\wbem\unsecapp.exe
MobileDeviceService 1560 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Old McDonald 3320 C:\Program Files\Autorun Eater\oldmcdonald.exe
SMax4PNP Application 3064 C:\Program Files\Analog Devices\Core\smax4pnp.exe
SpeedFan 2512 C:\Program Files\SpeedFan\speedfan.exe
WD Drive Manager 1860 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
WD Drive Manager 2972 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WD File Management Engine 2008 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
WD Shadow Copy Service 388 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(verified) Acronis Scheduler Helper 3216 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(verified) Intel® Common User Interface 3068 C:\WINDOWS\system32\igfxpers.exe
(verified) Microsoft® Windows® Operating System 1336 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1928 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3416 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 504 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1020 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1492 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1820 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1240 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1176 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1748 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2888 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 812 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 524 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1796 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2332 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (812) connected on port 80 (HTTP) --> 69.171.224.11
Process iexplore.exe (812) connected on port 80 (HTTP) --> 72.14.204.138
Process iexplore.exe (812) connected on port 80 (HTTP) --> 72.247.242.56
Process iexplore.exe (812) connected on port 443 (HTTP over SSL) --> 72.14.204.95
Process iexplore.exe (812) connected on port 80 (HTTP) --> 72.247.242.49
Process iexplore.exe (812) connected on port 80 (HTTP) --> 66.235.142.57
Process iexplore.exe (812) connected on port 80 (HTTP) --> 91.199.104.31
Process AAWService.exe (1312) connected on port 80 (HTTP) --> 70.38.25.72
Process iexplore.exe (2332) connected on port 443 (HTTP over SSL) --> 72.14.204.100
Process iexplore.exe (2332) connected on port 443 (HTTP over SSL) --> 72.14.204.100
Process iexplore.exe (2332) connected on port 80 (HTTP) --> 72.14.204.101
Process iexplore.exe (2332) connected on port 443 (HTTP over SSL) --> 72.14.204.101
Process iexplore.exe (2332) connected on port 443 (HTTP over SSL) --> 72.14.204.120
Process iexplore.exe (2332) connected on port 80 (HTTP) --> 72.14.204.95
Process iexplore.exe (2332) connected on port 80 (HTTP) --> 209.85.143.120
Process iexplore.exe (2332) connected on port 80 (HTTP) --> 72.14.204.95

Process svchost.exe (864) listens on ports: 3389 (Terminal Server)
Process svchost.exe (944) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Acronis True Image C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
Acronis True Image C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Cyberlink PowerDVD C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft® Windows® Operating System C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Old McDonald C:\Program Files\Autorun Eater\oldmcdonald.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe
WD Drive Manager C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
(verified) Acronis Scheduler Helper C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(verified) Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe
(verified) Google Update C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
(verified) Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
DellSystem C:\WINDOWS\Downloaded Program Files\DellSystem.dll
DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
Google Update C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
Java™ Platform SE 6 U30 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll


Missing files
-------------
File not found: 0
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Wisdom-soft ScreenHunter 5.1 Free"


Scan
----
MD5: 43969937ae8c7a8f519997352390b83a C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
MD5: 41d2a53193fad738be01cfa7972e0e64 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
MD5: 2eb3c11a938886b8993d99f4a7e222df C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MD5: 074c425a1675864cd9ac2d49ae93810f C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
MD5: bdd09926ab148e27f46bf86d73d8dafe C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MD5: 6732584bdd9b2483081129ff96bda68f C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
MD5: a2d08e62a0624b866d90ccc9e2fef684 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
MD5: 4156ef36caf27c44ac866c35c1e82516 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
MD5: 9722bca94e6a00f35448d199fb0a3882 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
MD5: 1a20f6ccf6fcc73cbee1449d31440898 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
MD5: 5fee412320f4ac5ef791d6783140f919 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
MD5: 5b4ed5e0555949b6249c885c27cd6da2 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
MD5: 6f05fef2be14d8f4c1726b8241e914b0 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
MD5: 76f247f3895922024629ec1ff59009a8 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
MD5: ca6bbb4d4464ddc635016b5f38662690 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
MD5: 8c092726ac779d469d39365d12d00c1b C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
MD5: 193a3325fb26fa391d80da83fb0b40b8 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MD5: 27626506e07795bb6357f7f2ef78a90b C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
MD5: 7e7eb7aff595774e5e500b34058cc1a7 C:\Documents and Settings\Dell User\Local Settings\temp\sfamcc00001.dll
MD5: b0c5f70b896e18a5d9dae1a1fbd9526a C:\Documents and Settings\Dell User\Local Settings\temp\sfareca00001.dll
MD5: cbe20a66a9d86a8f90de494ff5ae613b C:\Program Files\Acronis\TrueImageHome\Common\gc.dll
MD5: 23a77ad2f9bf6a6a876a2d856a84b4c2 C:\Program Files\Acronis\TrueImageHome\Common\icudt38.dll
MD5: a0664a11eb3216974fde84e207e9a03d C:\Program Files\Acronis\TrueImageHome\Common\resource.dll
MD5: 0cbc63f216ea85e399ffc66101c31f58 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
MD5: ad1d53eb6e7570be95ee3aadbef00ce7 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: 10247c15d999cc116c87da36bd0ad64d C:\Program Files\Analog Devices\Core\smax4pnp.exe
MD5: 17cc0a9b3abb69ed96d1eeb8117df856 C:\Program Files\Analog Devices\Core\SMWDMIF.dll
MD5: 34ebd4ff6a24d86bb4716d6afcc1a89b C:\Program Files\Apple Software Update\SoftwareUpdate.exe
MD5: c5f6eca94ad8cfd054f6d14f14972026 C:\Program Files\Autorun Eater\billy.exe
MD5: 175fb9a3eb526fcf2cb60cbc3132a8e5 C:\Program Files\Autorun Eater\oldmcdonald.exe
MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: db5bea73edaf19ac68b2c0fad0f92b1a C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 874a0383bc8148aa4141bba6b50eadc0 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
MD5: 8a3ba48b5be893e1d81bfac17a3c1b1f c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: a99783ada78e538fc9f5e7d9c21b33d2 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 605c6370240fc79cadbcd34960a741d2 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
MD5: f7dd2d785280db73dc9060f80361befb C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MD5: fc33cbbb9cadcec307da010fe763d04c C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
MD5: 054b87c872292a960b9b8a834b34dfa7 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
MD5: 5a963c340de1a01ba6e24945ce05d16a C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
MD5: f4bc62990e7e5c29799a895b80fc3177 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
MD5: 73862ff693168369a90f046e7f227b83 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MD5: 0eee814627f4384291687671f76419f6 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
MD5: 8ba9851e671e8b5e49e303748ffd530c C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
MD5: 8b22cf51b907e3a221267cf1e502993a C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
MD5: 2e14406e05789f91c9282ae7cfca3a07 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
MD5: 42cdfb2273eec623b903c311b19fb484 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
MD5: 2424231bbd703a677d115c29983b4293 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
MD5: a0c2cb21f4b521429f033fdeb18d63d7 C:\Program Files\Common Files\System\directdb.dll
MD5: 186c9d39541cc0dffcc454f79aa0b0bf C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
MD5: b938c1ae3adce166190895685b0beb0d C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
MD5: 0734c95492371d092367f2f3af794a0d C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
MD5: 7636713b4f0944045ab4af7ced5245ab C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MD5: 7726c681f89f51d1d03f5dec2538da7b C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MD5: 69a3f07fad1fed82fb70b561593bbf54 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 53fe2d34b143efdb80685281e751b91c C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 89b42ab664ddd9d69f1a7cb94f0d5985 C:\Program Files\Internet Explorer\xpshims.dll
MD5: ca1972397b845b2f53f5dc63c22fd98a C:\Program Files\iPod\bin\iPodService.exe
MD5: ef900ef15f71bb7ac415bd5cef90b56d C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
MD5: 9aa67569d5257462e230767510b0c815 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: ccc24faa47c47e66be61bf22603c5e3a C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 4d99fca201b72e0f2ca996e357baa170 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
MD5: 4566bbe928ef23e1c5a55d02d64c2872 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
MD5: 5608e451b9d69b548103ba9cf39a3527 C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
MD5: 944cd511be9b0e55b8458842d60c738c C:\Program Files\Lavasoft\Ad-Aware\ceapi.dll
MD5: 6c4a3804510ad8e0f0c07b5be3d44ddb C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
MD5: f88c94d2469c34b98ddd639f37588f90 C:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll
MD5: bc404941d7ce1f816825bfdb33bfd77d C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll
MD5: 2a66bb1f9d9ed7a8bcd58e505bb3ed3c C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
MD5: 8f12ea9218ee07feb36b11850305eeab C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MD5: 86bf40f2ab08be8b358738a04715b55a C:\Program Files\Lavasoft\Ad-Aware\SBTE.dll
MD5: a1155047afa986eed03d1d87cf56a08f C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MD5: a78beb06bca7fd37034fc910a55231a0 C:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll
MD5: 1843e81fa7acfff4344a7dd4328d7da0 C:\Program Files\Microsoft Office\Office12\1033\ONINTL.DLL
MD5: 123271bd5237ab991dc5c21fdf8835eb C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
MD5: 533aecd1b5356870ae2d905b4d3b42b7 C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
MD5: 0e34b7bb1fcf22bcc1e394d16f9e992b C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
MD5: 30efebdc960a482e3e188b9960b286e2 C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
MD5: 30db64d316f502558db2380f7343c9fd C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MD5: d8c2b95bc2353e1f18850d6b8f5dba13 C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MD5: 207204af80505af51271fe164b56f662 C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
MD5: ce6db25ffa35fd051c503f11db745862 C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
MD5: 116aa2b169abd0b620961caff0aeac84 C:\Program Files\Outlook Express\msoeres.dll
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe
MD5: a470cc40b031a0ee22017fba72898a12 C:\Program Files\SpeedFan\speedfan.exe
MD5: 7b37f8ec25c9ad853e8126c1d0992201 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\msvcm90.dll
MD5: 7b37f8ec25c9ad853e8126c1d0992201 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcm90.dll
MD5: 0be914c883471e9f728e9e690d51bdec C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\sqlceer35EN.DLL
MD5: 063aa78559ccd459e8613a727ee1cbe4 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\sqlceme35.dll
MD5: 30b8190c119ee82a2fea935c82f90bf8 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\sqlceqp35.dll
MD5: f400387a9f86ca917d89e53d46deb02e C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\sqlcese35.dll
MD5: 156fde0e85025d180598e8fbd4db3d23 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SqlServerCe.dll
MD5: 5bb2ed6a1070001038276c814bc8c1de C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MD5: f80be707cffd38099c2a888e18a91e5f C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFMEIPC.dll
MD5: f80be707cffd38099c2a888e18a91e5f C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFMEIPC.dll
MD5: 3ba6faf9276294285b88c2e6c85a4a09 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MD5: f36acaa08eb44355cf98955993eb75b4 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll
MD5: 686b224b4987c22b153fbb545fee9657 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
MD5: 997f2e3b66f1a987dee83947fb40a033 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
MD5: 3f75189dc77459f51d0a39787de6fc19 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
MD5: f2ece68acf2c051effb305708c3aefa9 C:\Program Files\Windows Desktop Search\dbres.dll
MD5: e8a3670314b3ddfe6dd18c4b501a9476 C:\Program Files\Windows Desktop Search\deskbar.dll
MD5: 2a0b76fcc5138ac0321a01766c980387 C:\Program Files\Windows Desktop Search\en-us\dbres.dll.mui
MD5: 0e28e671281ebf1f1f8fe093d2bd4a7b C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
MD5: 56183fb6413b7c5cb42b8ac1541a4ee8 C:\Program Files\Windows Desktop Search\en-us\WindowsSearchRes.dll.mui
MD5: 2996faeca864ee4938aa247b2386a69b C:\Program Files\Windows Desktop Search\msnlExtRes.dll
MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
MD5: f23a5d407b753f2e5e2bb6a95ab6d12b C:\Program Files\Windows Desktop Search\WdsMktTools.dll
MD5: 2c2830b08045e2a1c1930eb064a8fac0 C:\Program Files\Windows Desktop Search\wdsShell.dll
MD5: b5c9f63c01fcfec3f64ec6a0940a1825 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
MD5: cbfd0fb0a9491ed3f1bab4c64a04d2f1 C:\Program Files\Windows Desktop Search\WindowsSearchRes.dll
MD5: b5b27b057b97a947c31b41f0ef3b4d44 C:\Program Files\Windows Desktop Search\wordwheel.dll
MD5: 16f96c1496cbd0965285ab19a9271d02 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MD5: f054572a92573ca32d5f3aa8c15d2bac C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MD5: 516fd7927172bbbe2d335ea94d816b9e C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MD5: a093e1fd3d1338d3c0ef45df07e18462 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MD5: ff867e6d71a16c4d53b4672654232310 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MD5: f4053754c32b3af6f64b321caf2bde50 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MD5: 025debd5c035eab50ccb63aa2dc2c3e0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MD5: e26d6062aaba181a666636eaed07189a C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MD5: 44a6eed699f721f3cdd779c5eac0bfab C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MD5: 01d92f377f7afa834b4a3be41a28fd17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MD5: 7400c2b29c0024ebc98b94f3ae6034d5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MD5: ef31c803666cb694de51e69018a0dbda C:\WINDOWS\Downloaded Program Files\DellSystem.dll
MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 219af0f9a54ebeeb3e7e20025d801034 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: 860fad57b4668a9f5f350a9d5444ae89 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: 2bac92e8ac5e16ed60062e9141b8d5f6 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: f282d4edd85d53e20d902cc92190c5f5 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
MD5: bf88feadc7786ea328bdcc5cb116de89 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 36ba8022693af7e967359ff3f97531d7 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: 35a936c7c029a5b705d3ffd40518d660 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f64fd5c7fef7fc25cba37974ff3584d7 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll
MD5: 8879f2a6068b528a167597e137a32402 C:\WINDOWS\system32\dopdfmn7.dll
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 3a3a82ffd268bcfb7ae6a48cecf00ad9 C:\WINDOWS\system32\DRIVERS\b57xp32.sys
MD5: c2eb4539a4f6ab6edd01bdc191619975 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
MD5: 336abe8721cbc3110f1c6426da633417 C:\WINDOWS\system32\DRIVERS\Lbd.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 664469f03c955e851c5de58eea233f5a C:\WINDOWS\system32\DRIVERS\tdrpm228.sys
MD5: 6dcb8ddb481cd3c40fa68593723b4d89 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
MD5: 83cafcb53201bbac04d822f32438e244 C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: b9d2d59ff389a8c824308a08665c97f2 C:\WINDOWS\system32\EDCrypt.DLL
MD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.mui
MD5: 77ebf3e9386daa51551af429052d88d0 C:\WINDOWS\system32\giveio.sys
MD5: b9da7b8ca4601625ca9264cd846ac576 C:\WINDOWS\system32\hccutils.DLL
MD5: d9f3db62d1b361d82cd82a347ea6218d C:\WINDOWS\system32\hkcmd.exe
MD5: 0b8fb29cda02015448c9f5260a013f19 C:\WINDOWS\system32\IEFRAME.dll
MD5: 515aaa9c87d5c475b06dfeba3706d74f C:\WINDOWS\system32\iepeers.dll
MD5: 1ab894fa897e26b23ca53beed72f61f4 C:\WINDOWS\system32\iertutil.dll
MD5: a58241451a149929a679c82fa934ef81 C:\WINDOWS\system32\igfxdev.dll
MD5: 57aa18b2896055e8cb269b19dd85e7f3 C:\WINDOWS\system32\INETCOMM.dll
MD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: de2fb32a9ec98b8f1b9a2b869af5d269 C:\WINDOWS\system32\l3codecx.ax
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: 561b3e96164c918e0564cab3d21ce871 C:\WINDOWS\system32\msfeeds.dll
MD5: dd8d655e1881b70a5259a23a6018a6c2 C:\WINDOWS\system32\mshtml.dll
MD5: 85ac5f11d4759d13674b3e92eac3f140 C:\WINDOWS\system32\msident.dll
MD5: 7ed041c7f82a381417aa3f43ab55f95a C:\WINDOWS\system32\msidntld.dll
MD5: c52ce534397e1d3a442fb4c88a3cbe42 C:\WINDOWS\system32\msonpmon.dll
MD5: 6e914eedd145c5acce56f4d5f3d606fc C:\WINDOWS\system32\mssph.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: d59a7119054d70fc745a1bf9c06dcc65 C:\WINDOWS\system32\oeph.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: b2cf9f1f606dec23f70a40b01df3c396 C:\WINDOWS\system32\printui.dll
MD5: 34ffb6aba2da398bb33422e1e9275ba9 C:\WINDOWS\system32\quartz.dll
MD5: c7c84df7233f4834cd190f3dccaf50ca C:\WINDOWS\system32\rdpwsx.dll
MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll
MD5: 63ae668f783df28772d200f41cb40873 C:\WINDOWS\system32\scrobj.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 3fa2e254bfbce52b3c6f1bf23aab6911 C:\WINDOWS\system32\speedfan.sys
MD5: 741b6b597e8c99e1938809f64f7bf13c C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
MD5: 3182f47a67f86b5dd991e0fb7659d0e3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL
MD5: 77a54bdfbad4604e6131ae68e3cf76d6 C:\WINDOWS\system32\srclient.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: ba8fdf82d0b1316d5eaf60f5a0498de1 C:\WINDOWS\system32\uncdms.dll
MD5: 496ce99bbbb7680323921df30b405c36 C:\WINDOWS\system32\urlmon.dll
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: e837fdbb92e9873e538395b623f45462 C:\WINDOWS\system32\wbem\cimwin32.dll
MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll
MD5: c7000f2db2a5515c64c257478769a481 C:\WINDOWS\system32\wbem\unsecapp.exe
MD5: 880f7ed2df24db14af96c6d797958796 C:\WINDOWS\system32\wbem\wbemdisp.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll
MD5: 552263502ea8c24d301a0c43ff90b3ed C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows\system32\WUDFPlatform.dll
MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.76 KB recvd
Scanned 695 files and modules - 42 seconds

==============================================================================

Process Explorer file (I had a REALLY hard time downloading this file -- kept hanging after about 15%. I had to do it on my laptop then email it over.)

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 98.44 0 K 28 K
procexp.exe 956 0.78 12,692 K 75,980 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 1208 2,420 K 27,636 K WMI Microsoft Corporation
winlogon.exe 644 8,160 K 3,164 K Windows NT Logon Application Microsoft Corporation
WindowsSearch.exe 3632 5,868 K 53,724 K Windows Search System Tray Microsoft Corporation
WDSC.exe 388 11,328 K 49,300 K WD Shadow Copy
WDFME.exe 2008 79,448 K 127,372 K WD File Management Engine
WDDMStatus.exe 2972 3,616 K 31,820 K WD Drive Manager WDC
WDDMService.exe 1860 76,344 K 95,532 K WD Drive Manager Service WDC
unsecapp.exe 1708 2,228 K 26,732 K WMI Microsoft Corporation
TrueImageMonitor.exe 3132 6,016 K 34,040 K Acronis True Image Monitor Acronis
TimounterMonitor.exe 3140 1,976 K 28,056 K Monitor for Acronis True Image Backup Archive Explorer Acronis
System 4 0 K 232 K
svchost.exe 1820 2,464 K 28,004 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 864 2,828 K 30,044 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 944 1,960 K 27,156 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1076 2,384 K 22,800 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1176 2,004 K 22,100 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1240 1,364 K 24,444 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1492 1,336 K 28,204 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 4032 10,832 K 40,548 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1396 3,932 K 33,172 K Spooler SubSystem App Microsoft Corporation
speedfan.exe 2512 7,888 K 36,608 K Almico Software (www.almico.com)
smss.exe 504 172 K 928 K Windows NT Session Manager Microsoft Corporation
smax4pnp.exe 3064 2,588 K 23,256 K SMax4PNP MFC Application Analog Devices, Inc.
services.exe 688 2,956 K 9,408 K Services and Controller app Microsoft Corporation
searchindexer.exe 444 21,220 K 46,700 K Microsoft Windows Search Indexer Microsoft Corporation
schedul2.exe 1528 980 K 18,748 K Acronis Scheduler 2 Acronis
schedhlp.exe 3216 800 K 19,112 K Acronis Scheduler Helper Acronis
PDVDDXSrv.exe 3272 1,700 K 32,812 K CyberLink PowerDVD Resident Program CyberLink Corp.
ONENOTEM.EXE 3704 728 K 21,124 K Microsoft Office OneNote Quick Launcher Microsoft Corporation
oldmcdonald.exe 3320 7,788 K 29,024 K Old McDonald Old McDonald's Farm
mDNSResponder.exe 1592 1,080 K 10,372 K Bonjour Service Apple Inc.
lsass.exe 700 4,292 K 2,688 K LSA Shell (Export Version) Microsoft Corporation
jqs.exe 1772 2,304 K 1,404 K Java™ Quick Starter Service Sun Microsystems, Inc.
igfxpers.exe 3068 688 K 12,584 K persistence Module Intel Corporation
iexplore.exe 3960 11,008 K 2,032 K Internet Explorer Microsoft Corporation
iexplore.exe 1060 49,672 K 116,068 K Internet Explorer Microsoft Corporation
hkcmd.exe 1668 724 K 12,376 K hkcmd Module Intel Corporation
GrooveMonitor.exe 3280 2,160 K 31,832 K GrooveMonitor Utility Microsoft Corporation
explorer.exe 1336 31,212 K 78,192 K Windows Explorer Microsoft Corporation
DivXUpdate.exe 3340 3,120 K 33,996 K DivX Update
ctfmon.exe 3416 928 K 21,100 K CTF Loader Microsoft Corporation
csrss.exe 620 1,804 K 8,076 K Client Server Runtime Process Microsoft Corporation
billy.exe 3552 6,024 K 25,868 K Billy The Goat Old McDonald's Farm
AppleMobileDeviceService.exe 1556 10,040 K 52,704 K MobileDeviceService Apple Inc.
alg.exe 1928 1,176 K 25,564 K Application Layer Gateway Service Microsoft Corporation
AAWTray.exe 3460 2,496 K 21,580 K Ad-Aware Tray Application Lavasoft Limited
AAWService.exe 1312 66,960 K 93,476 K Ad-Aware Service Application Lavasoft Limited

Attached Files


Edited by ToniB, 31 January 2012 - 10:32 AM.

  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Sorry. I did lose you somehow.

The only thing I can see that looks bad is:

An error was detected on device \Device\Harddisk1\D during a paging operation.


Some kind of problem reading the hard drive. The drive itself claims it has no problems in Speccy so let's look at the Chipset:

Go to the PC maker's website and see if they have an Intel Chipset Install Utility. IF not you can use Intel's

http://downloadcente...ss Chipset#help (either the .exe or the .inf file will work)

then I would try the Sata drivers:
Always best to get them from your PC Maker's website but if you can't find them there then:

http://download.cnet...2_4-162224.html

should work.

If neither seems to help then I would shut it down, open the case and find where the SATA (usually red) cable that runs from your hard drive to the motherboard plugs into the motherboard. Move it from that connection to the second SATA connector and then see if it will boot and if it does if that helps the speed.
  • 0

#37
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
No problem. Certainly understand how that can happen.

One question -- I still have those 2 viruses in there that eset online scanner found. SHould I let it try to remove them or use some other program? Before or after I try what you just suggested?

Thanks!
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
You can delete them manually if you want to or we can let OTL do it:

Copy the text in the code box by highlighting and Ctrl + c

:files
C:\Documents and Settings\Dell User\Local Settings\temp\ICReinstall\cnet2_ieSpellSetup264573_exe[1].exe
C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\QS777EFZ\cnet2_ieSpellSetup264573_exe[1].exe

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will probably not reboot the PC when it is done. Save the log and copy and paste it to a reply.
  • 0

#39
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
========== FILES ==========
C:\Documents and Settings\Dell User\Local Settings\temp\ICReinstall\cnet2_ieSpellSetup264573_exe[1].exe moved successfully.
File\Folder C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\QS777EFZ\cnet2_ieSpellSetup264573_exe[1].exe not found.

OTL by OldTimer - Version 3.2.31.0 log created on 02032012_233334
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Appears one was already gone. It did remove the first one.
  • 0

Advertisements


#41
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
When I tried to update the Sata, I got a zip folder with the following 3 files: mcdl_win.dll, NoDoze.exe, Version.txt. Tried to run NoDoze, got Maxtor Doze Disable error message "Identify Drive Command failed!"

Not sure what to do about that...
Other update appeared to go through, not faster so far.

Also, when I typed the computer code into the Dell site, I found a list of 8 updates. For the model, there are 60+ suggested update. I am attaching screen shots of both; not sure where to start. (Correction: Tried to attach them as html but wasn't allowed to do it.)

Began with "urgent" updates, but all wouldn't run (couldn't find drive message, for example). Then I realized I'm not sure why all that are recommended for the model aren't recommended for my computer so maybe I shouldn't do them all?

Any suggestions would be much appreciated!

Still don't know what to do about my hard drive having gotten so full overnight. Any suggestions?

Thanks!

Edited by ToniB, 05 February 2012 - 07:29 PM.

  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
IF you go to dell support and put in your service tag it only shows 8 possible drivers and three of them are for a network so there's only 6 that are possibles. The Chipset driver is the only one that seems to apply. Don't see a SATA driver. The one you downloaded is for Maxtor and you have a Western Digital Drive. WD5000AVVS-63M8B0 (SATA)
You could get their Data Lifeguard Program for Windows http://support.wdc.c...0&sid=3&lang=en and see if it can run a test for you.
There is also a jumper on the drives which you can set to keep it from autonegotiating the speed. With some older motherboards this will make things more stable:

http://support.wdc.c...0&sid=3&lang=en OPTI Enabled pins 5 & 6


What I think happened is your SATA problem caused the drive to keep writing the same trash over and over thinking it wasn't taking. You need to delete the garbage files. They should all have the same date. 26 January 2012 sometime before 08:27. If you right click on Start and select Explore then click on your C:\ drive you can change the display from the worthless icons to Details by clicking on the little down arrow on the top bar. Once you get the detail listing click on the Date Modified column header to sort things by date. Then drill down and look for files created at that time. They should all have a date and time with a few minutes of each other. Just delete them.

Ron
  • 0

#43
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
OK, will do.

i have a duplicate finder program. is it ok to use that & delete the ones with the right date (1/26) ? I am afraid of deleting something that is still needed and/or wasn't actually duplicated.

Update -- COMPLICATION: just ran a search as a test for 3 of the files that were created on 1/26. There are 2 copies of each in 2 different sub-folders/branches of the c:/QOOBOX folder BUT those are the ONLY 2 files of that name & they look like original & backups that I had made. If I go by creation date only, I'll delete all of the copies of the files. Wondering if something else is going on & that isn't the problem, esp as there were no duplicates made on G: (that I could find) & that drive increased by 120+ GB around that same time (but I think a day later?)?

Edited by ToniB, 06 February 2012 - 03:09 PM.

  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I doubt there is anything from that date that is critical other than possibly wba. Use whatever program you want. You want to remove the files for good tho so if you move them to the Recycle Bin then reboot and things still work OK you can then Empty the Recycle Bin. The Recycle bin is limited in its size so don't do them all at one time.

C:\qoobox is just the place where Combofix stores its stuff and backup copies of stuff it removes. You can uninstall Combofix and it should remove the folder:

To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Pause your anti-virus, Start, Run, cmd, OK then right click, Paste, then hit Enter.

If that doesn't remove the folder then remove it manually along with any folders in the C:\ drive that start with Combo...
  • 0

#45
ToniB

ToniB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
OK but I'm wondering where it got all those file it tried to copy. If I delete them all, it'll get rid of a lot of word files, etc that seem to ONLY be saved in that QOOBOX folder at this point. It might have gotten them then erased the original locations, somehow swelling to fit the size of the harddrive?

So confused...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP