CPU usage at 100%? Super slow! Please help! [Closed]



#1 iriss (New Member, 7 posts)

Hello!
My internet keeps freezing up. My ISP assures me it is a computer, not a connection problem. My CPU usage shows at 100%, then 8%. It keeps sticking at 100%. Someone recommended cleaning out the fans, which I've done with no luck. OTL logs follow:

OTL logfile created on: 7/24/2012 8:24:57 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = D:\Documents and Settings\kimosabe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.67% Memory free
5.29 Gb Paging File | 2.25 Gb Available in Paging File | 42.57% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 28.62 Gb Total Space | 28.44 Gb Free Space | 99.36% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 443.39 Gb Free Space | 95.20% Space Free | Partition Type: NTFS
Drive E: | 313.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHEPHERD | User Name: kimosabe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\kimosabe\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - D:\Program Files\AVG Secure Search\vprot.exe ()
PRC - D:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
PRC - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe (Yahoo! Inc.)
PRC - D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Java\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - D:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - D:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
PRC - D:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - D:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - D:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe (PC Tools)
PRC - D:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - D:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - D:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - D:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - D:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGGA.EXE (SEIKO EPSON CORPORATION)
PRC - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (No Company Name) ==========

MOD - D:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - D:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
MOD - D:\Program Files\AVG Secure Search\vprot.exe ()
MOD - D:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - D:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - D:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - D:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - D:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll ()
MOD - D:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll ()
MOD - D:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll ()
MOD - D:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - D:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - D:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - D:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- D:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (JavaQuickStarterService) -- C:\Java\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Browser Defender Update Service) -- D:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- D:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- D:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- D:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (PassThru Service) -- D:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (avgwd) -- D:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (SWDUMon) -- D:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (pctplsg) -- D:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (PCTSD) -- D:\WINDOWS\system32\drivers\PCTSD.sys (PC Tools)
DRV - (pctgntdi) -- D:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (TFSysMon) -- D:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- D:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- D:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (pctEFA) -- D:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- D:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (PCTCore) -- D:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PCTBD) -- D:\WINDOWS\system32\drivers\PCTBD.sys (PC Tools)
DRV - (Avgtdix) -- D:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- D:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (htcnprot) -- D:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (HTCAND32) -- D:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ALCXWDM) -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- D:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D2BB3E5F-2358-4657-8DFA-4FB57706ABA8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{D2BB3E5F-2358-4657-8DFA-4FB57706ABA8}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - D:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {D2BB3E5F-2358-4657-8DFA-4FB57706ABA8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{68418CC1-98F1-4D11-BE34-9700CAECF054}: "URL" = http://us.yhs4.searc...417,18807,0,8,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-06 20:05:17&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D2BB3E5F-2358-4657-8DFA-4FB57706ABA8}: "URL" = http://www.google.co...1I7RNQM_enUS485
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: D:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Documents and Settings\kimosabe\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/06 20:05:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: D:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/01/28 20:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Java\lib\deploy\jqs\ff [2012/01/29 11:44:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/04/10 03:04:30 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = D:\Documents and Settings\kimosabe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = D:\Documents and Settings\kimosabe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = D:\Documents and Settings\kimosabe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: No name found = D:\Documents and Settings\kimosabe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: No name found = D:\Documents and Settings\kimosabe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Incredibar-Games EN Toolbar) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - D:\Program Files\Incredibar-Games_EN\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - D:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - D:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivaceySafeguard)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - D:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Incredibar-Games EN Toolbar) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - D:\Program Files\Incredibar-Games_EN\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - D:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Incredibar-Games EN Toolbar) - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - D:\Program Files\Incredibar-Games_EN\prxtbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] D:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] D:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] D:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] D:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HF_G_Jul] D:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISTray] D:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ROC_roc_dec12] "D:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] D:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VTTimer] D:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverUpdate] D:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O4 - HKCU..\Run: [EPSON NX125 NX127 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [InstallIQUpdater] D:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: D:\Documents and Settings\kimosabe\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604276C3-CEAB-4AF2-8578-D0EF202A8A9D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - D:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 () - http://windowsupdate.microsoft.com/
O24 - Desktop WallPaper: D:\Documents and Settings\kimosabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\kimosabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/26 11:08:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/01/12 07:57:52 | 000,029,962 | R--- | M] () - E:\AUTOEXIT.TGA -- [ CDFS ]
O32 - AutoRun File - [2001/01/12 07:57:52 | 000,029,962 | R--- | M] () - E:\AUTOHELP.TGA -- [ CDFS ]
O32 - AutoRun File - [2001/01/12 07:57:52 | 000,029,962 | R--- | M] () - E:\AUTOINST.TGA -- [ CDFS ]
O32 - AutoRun File - [2001/01/26 08:55:26 | 000,173,612 | R--- | M] () - E:\AUTOMENU.TGA -- [ CDFS ]
O32 - AutoRun File - [2001/01/12 07:57:54 | 000,029,962 | R--- | M] () - E:\AUTOPLAY.TGA -- [ CDFS ]
O32 - AutoRun File - [2001/02/20 17:00:18 | 000,262,144 | R--- | M] () - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/12/27 13:22:24 | 000,000,129 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/01/12 07:58:00 | 000,029,962 | R--- | M] () - E:\AUTOWEB.TGA -- [ CDFS ]
O33 - MountPoints2\{8d08c778-47eb-11e1-8e5d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8d08c778-47eb-11e1-8e5d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d08c778-47eb-11e1-8e5d-806d6172696f}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- [2001/02/20 17:00:18 | 000,262,144 | R--- | M] ()
O33 - MountPoints2\{8d08c778-47eb-11e1-8e5d-806d6172696f}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [2000/12/21 08:41:20 | 000,322,320 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 08:10:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\kimosabe\Desktop\OTL.exe
[2012/07/23 12:59:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/23 12:59:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/23 10:32:27 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood
[2012/07/22 20:20:44 | 000,000,000 | ---D | C] -- D:\_OTM
[2012/07/22 19:59:46 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2012/07/22 19:57:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\Desktop\erunt
[2012/07/15 19:07:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/15 19:07:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/12 18:35:33 | 000,000,000 | ---D | C] -- D:\WINDOWS\Desktop
[2012/07/12 18:35:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\Start Menu\Programs\Hooked on Phonics Learning
[2012/07/12 18:35:29 | 000,000,000 | ---D | C] -- D:\Program Files\Hooked on Phonics Learning
[2012/07/12 18:20:54 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- D:\WINDOWS\uninst.exe
[2012/07/12 18:20:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\WINDOWS
[2012/07/07 18:08:49 | 000,574,424 | --S- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/07/07 18:08:49 | 000,054,328 | --S- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/07/07 18:08:49 | 000,035,264 | --S- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/07/07 18:08:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\Application Data\PCTools
[2012/07/06 20:05:10 | 000,000,000 | ---D | C] -- D:\Program Files\AVG Secure Search
[2012/07/06 20:04:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\Local Settings\Application Data\SlimWare Utilities Inc
[2012/07/06 20:04:23 | 000,000,000 | ---D | C] -- D:\Program Files\DriverUpdate
[2012/07/06 20:04:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate
[2012/07/06 20:04:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/07/06 10:20:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\My Documents\tough kid toolbox
[2012/07/05 16:47:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/05 12:39:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Systweak
[2012/07/04 17:50:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\Application Data\Systweak
[2012/06/25 08:23:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\kimosabe\Desktop\Unused Desktop Shortcuts
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 08:11:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\kimosabe\Desktop\OTL.exe
[2012/07/24 08:08:01 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/24 07:34:05 | 000,000,890 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 01:36:53 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/07/23 18:34:08 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 12:36:12 | 000,000,374 | ---- | M] () -- D:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On kimosabe Logon.job
[2012/07/23 10:33:38 | 000,907,930 | ---- | M] () -- D:\WINDOWS\System32\drivers\Cat.DB
[2012/07/23 10:29:51 | 000,013,024 | ---- | M] () -- D:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/23 10:28:44 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/07/22 20:02:19 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012/07/22 20:02:16 | 000,267,800 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/22 19:57:48 | 000,513,320 | ---- | M] () -- D:\Documents and Settings\kimosabe\Desktop\erunt.zip
[2012/07/22 19:56:43 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\kimosabe\Desktop\MBR.dat
[2012/07/16 09:16:40 | 000,230,840 | R--- | M] (Coupons, Inc.) -- D:\WINDOWS\System32\cpnprt2.cid
[2012/07/13 20:26:11 | 000,339,194 | ---- | M] () -- D:\Documents and Settings\kimosabe\Desktop\bkgetcertificate.aspx
[2012/07/12 18:58:07 | 000,000,205 | ---- | M] () -- D:\WINDOWS\Hop.ini
[2012/07/12 09:08:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 09:08:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/12 09:08:19 | 009,226,440 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/07/12 03:06:38 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012/07/11 15:36:46 | 000,001,813 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/06 09:26:02 | 000,000,016 | ---- | M] () -- D:\WINDOWS\popcinfot.dat
[2012/07/05 16:47:23 | 000,000,870 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2012/07/05 16:47:23 | 000,000,194 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2012/07/03 09:45:38 | 000,062,824 | ---- | M] () -- D:\Documents and Settings\kimosabe\Desktop\movies.jpg
[2012/06/24 10:51:28 | 000,010,478 | ---- | M] () -- D:\Documents and Settings\kimosabe\Desktop\Zombatar_3.jpg
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 19:57:46 | 000,513,320 | ---- | C] () -- D:\Documents and Settings\kimosabe\Desktop\erunt.zip
[2012/07/22 19:56:43 | 000,000,512 | ---- | C] () -- D:\Documents and Settings\kimosabe\Desktop\MBR.dat
[2012/07/13 20:26:05 | 000,339,194 | ---- | C] () -- D:\Documents and Settings\kimosabe\Desktop\bkgetcertificate.aspx
[2012/07/12 18:35:31 | 000,000,205 | ---- | C] () -- D:\WINDOWS\Hop.ini
[2012/07/06 20:04:33 | 000,013,024 | ---- | C] () -- D:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/05 16:47:23 | 000,000,870 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2012/07/05 16:47:23 | 000,000,194 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2012/07/03 09:46:24 | 000,062,824 | ---- | C] () -- D:\Documents and Settings\kimosabe\Desktop\movies.jpg
[2012/06/24 10:51:28 | 000,010,478 | ---- | C] () -- D:\Documents and Settings\kimosabe\Desktop\Zombatar_3.jpg
[2012/04/02 13:57:47 | 000,000,016 | ---- | C] () -- D:\WINDOWS\popcinfot.dat
[2012/04/02 13:57:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\popcreg.dat
[2012/02/15 02:20:33 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/02/04 09:34:23 | 000,000,000 | ---- | C] () -- D:\WINDOWS\PowerReg.dat
[2012/01/30 15:10:32 | 000,000,439 | ---- | C] () -- D:\WINDOWS\hegames.ini
[2012/01/30 14:33:17 | 000,000,057 | ---- | C] () -- D:\WINDOWS\TONKA_GR.INI
[2012/01/28 21:13:34 | 000,000,000 | ---- | C] () -- D:\WINDOWS\EEventManager.INI
[2012/01/28 20:49:18 | 000,767,952 | ---- | C] () -- D:\WINDOWS\BDTSupport.dll
[2012/01/28 17:47:16 | 000,073,220 | ---- | C] () -- D:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/28 17:47:16 | 000,031,053 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/28 17:47:16 | 000,029,114 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/28 17:47:16 | 000,027,417 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/28 17:47:16 | 000,021,021 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/28 17:47:16 | 000,015,670 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/28 17:47:16 | 000,013,280 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/28 17:47:16 | 000,010,673 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/28 17:47:16 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/28 17:47:16 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/28 17:47:16 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/28 17:47:16 | 000,001,137 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/28 17:47:16 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/28 17:47:16 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/28 17:47:16 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/28 17:47:16 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini
[2012/01/28 17:45:39 | 000,000,094 | ---- | C] () -- D:\WINDOWS\ENX125_127.ini
[2012/01/28 17:37:12 | 000,001,324 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 21:12:06 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RtlCPAPI.dll
[2012/01/26 21:12:06 | 000,040,448 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2012/01/26 11:10:49 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2012/01/26 11:05:56 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2012/01/26 01:25:23 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2012/01/26 01:24:10 | 000,267,800 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/07/06 20:05:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/28 20:03:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/28 19:55:40 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/07 10:47:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Driver Manager
[2012/01/28 21:14:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\EPSON
[2012/07/23 17:30:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/05 16:47:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/04/02 13:58:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PopCapY
[2012/07/05 12:39:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Systweak
[2012/07/24 08:33:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/28 07:11:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\W3i
[2012/01/28 20:08:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\AVG
[2012/01/28 19:55:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\AVG Secure Search
[2012/01/28 19:56:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\AVG2012
[2012/03/02 10:22:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\Catalina Marketing Corp
[2012/04/03 07:22:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\Epson
[2012/04/07 11:45:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\HTC
[2012/04/07 12:58:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/01/28 17:49:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\Leadertech
[2012/01/28 22:01:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\MixVibes
[2012/07/07 18:08:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\PCTools
[2012/07/05 12:39:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\Systweak
[2012/01/28 20:44:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\TestApp
[2012/01/29 10:02:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\kimosabe\Application Data\Unity
[2012/07/23 12:36:12 | 000,000,374 | ---- | M] () -- D:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On kimosabe Logon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

OTL Extras logfile created on: 7/24/2012 8:24:58 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = D:\Documents and Settings\kimosabe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.67% Memory free
5.29 Gb Paging File | 2.25 Gb Available in Paging File | 42.57% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 28.62 Gb Total Space | 28.44 Gb Free Space | 99.36% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 443.39 Gb Free Space | 95.20% Space Free | Partition Type: NTFS
Drive E: | 313.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHEPHERD | User Name: kimosabe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\Epson Software\Event Manager\EEventManager.exe" = D:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"E:\Common\Driver Update\EDUPDATE.EXE" = E:\Common\Driver Update\EDUPDATE.EXE:*:Enabled:EPSON Driver Update
"D:\Program Files\AVG\AVG2012\avgmfapx.exe" = D:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG2012\avgnsx.exe" = D:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG2012\avgdiagex.exe" = D:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05891AC5-DC7A-4B6D-B144-FE0DB96B180A}" = DriverUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazon Kindle" = Amazon Kindle
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"Browser Defender_is1" = Browser Defender 4.0
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON NX125 NX127 Series" = EPSON NX125 NX127 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HOPDKey" = Hooked on Phonics Learn to Read
"ie8" = Windows Internet Explorer 8
"Incredibar-Games_EN Toolbar" = Incredibar-Games EN Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixVibes Cross - Discover DJ 1.3.2" = Cross - Discover DJ 1.3.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Peggle Deluxe" = Peggle Deluxe
"Plants vs. Zombies" = Plants vs. Zombies
"S3" = VIA/S3G Display Driver
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Tonka Garage" = Tonka Garage
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant 3.8.3" = Freeze.com NetAssistant
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2012 6:27:55 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2012 6:37:10 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2012 6:37:12 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2012 9:01:28 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2012 9:20:25 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2012 1:43:28 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2012 10:28:48 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/21/2012 12:38:56 AM | Computer Name = SHEPHERD | Source = Application Error | ID = 1000
Description = Faulting application e_fatigga.exe, version 7.0.0.0, faulting module
pctlsp.dll, version 9.0.0.909, fault address 0x00004b91.

Error - 6/2/2012 7:11:46 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2012 11:03:29 PM | Computer Name = SHEPHERD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/23/2012 2:36:37 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7031
Description = The Help and Support service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 7/23/2012 2:36:37 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7034
Description = The HID Input Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/23/2012 2:36:37 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7034
Description = The Server service terminated unexpectedly. It has done this 1 time(s).

Error - 7/23/2012 2:36:37 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7034
Description = The Workstation service terminated unexpectedly. It has done this
1 time(s).

Error - 7/23/2012 2:36:37 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7034
Description = The Network Connections service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/23/2012 2:36:37 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/23/2012 2:37:06 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 7/23/2012 3:22:25 PM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 7/24/2012 7:45:00 AM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%8

Error - 7/24/2012 7:45:07 AM | Computer Name = SHEPHERD | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%8


< End of report >
Sorry. That is gigantic! TIA!
Iris

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

If you cannot connect to the internet please use some other working computer and removable media like USB memory stick to transfer tools and files.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • If asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply

Step 2

  • Please download RogueKiller (by tigzy) to your desktop.
  • Quit all programs.
  • Run RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop. We can also open it with the Report button.
  • Please copy content of report and post it in your next reply.

#3
iriss

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you for your reply! A few days ago my Spyware Doctor found a rootkit. I saw directions in another of your forums to fix it (goored fix and tdsskiller). I followed those and my computer is acting slightly faster. It is still redirecting to weird websites and the internet constantly freezes. Here is the RogueKiller result and the avast is attached.
:)
Iris

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: kimosabe [Admin rights]
Mode: Scan -- Date: 07/30/2012 19:53:26

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] aswMBR.exe -- D:\Documents and Settings\kimosabe\Desktop\aswMBR.exe -> KILLED [TermProc]
[RESIDUE] aswMBR.exe -- D:\Documents and Settings\kimosabe\Desktop\aswMBR.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x805737EF -> HOOKED (TfSysMon.sys @ 0xBA77B290)
SSDT[63] : NtDeleteKey @ 0x80595A22 -> HOOKED (TfSysMon.sys @ 0xBA77B500)
SSDT[65] : NtDeleteValueKey @ 0x80593642 -> HOOKED (TfSysMon.sys @ 0xBA77B5C0)
SSDT[119] : NtOpenKey @ 0x80568FE8 -> HOOKED (TfSysMon.sys @ 0xBA77B130)
SSDT[247] : NtSetValueKey @ 0x8057DA5B -> HOOKED (TfSysMon.sys @ 0xBA77B7C0)
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (TfSysMon.sys @ 0xBA77D930)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 5T030H3 +++++
--- User ---
[MBR] 7380e721e7ee3792cb0db8eebddf7b49
[BSP] 3e69a52c0063db22cc925badcc7a1168 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29309 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKB-00H8A0 +++++
--- User ---
[MBR] dc13aad3a12d18b123f042a072ec0934
[BSP] 6fcd5f37c4f332a2fb317119e03c0644 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

#5
iriss

    New Member

  • Topic Starter
  • Member
  • 7 posts
So, I ran the Combofix and since it was taking a while, I walked away. When I returned, my computer had rebooted. (My 5 year old son may or may not have had something to do with it.) Your instructions say not to rerun. What should I do at this point?
Thanks,
Iris

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please open Windows Explorer and look for file: C:\ComboFix.txt
Open this file with Notepad, select all content, copy and paste it in your next reply.



#7
iriss

    New Member

  • Topic Starter
  • Member
  • 7 posts
K. Here's what I got:

ComboFix 12-07-30.03 - kimosabe 08/02/2012 8:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.937 [GMT -6:00]
Running from: d:\documents and settings\kimosabe\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 13:58 . 2012-08-02 13:58 -------- d-----w- d:\windows\LastGood
2012-07-28 15:38 . 2012-07-28 15:38 -------- d-----w- D:\TDSSKiller_Quarantine
2012-07-23 02:20 . 2012-07-23 02:20 -------- d-----w- D:\_OTM
2012-07-16 01:08 . 2012-07-16 01:08 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2012-07-13 00:35 . 2012-07-13 00:35 -------- d-----w- d:\program files\Hooked on Phonics Learning
2012-07-13 00:20 . 2000-12-27 19:22 283648 ----a-w- d:\windows\uninst.exe
2012-07-08 00:08 . 2012-01-11 21:56 574424 --s---w- d:\windows\system32\drivers\TfSysMon.sys
2012-07-08 00:08 . 2012-01-11 21:56 54328 --s---w- d:\windows\system32\drivers\TfFsMon.sys
2012-07-08 00:08 . 2012-01-11 21:56 35264 --s---w- d:\windows\system32\drivers\TfNetMon.sys
2012-07-08 00:08 . 2012-07-08 00:08 -------- d-----w- d:\documents and settings\kimosabe\Application Data\PCTools
2012-07-07 02:05 . 2012-07-18 15:29 -------- d-----w- d:\program files\AVG Secure Search
2012-07-07 02:04 . 2012-08-02 13:58 13024 ----a-w- d:\windows\system32\drivers\SWDUMon.sys
2012-07-07 02:04 . 2012-07-07 02:04 -------- d-----w- d:\documents and settings\kimosabe\Local Settings\Application Data\SlimWare Utilities Inc
2012-07-07 02:04 . 2012-07-07 02:04 -------- d-----w- d:\program files\DriverUpdate
2012-07-05 22:47 . 2012-07-05 22:47 -------- d-----w- d:\documents and settings\All Users\Application Data\PopCap Games
2012-07-05 18:39 . 2012-07-05 18:39 -------- d-----w- d:\documents and settings\All Users\Application Data\Systweak
2012-07-04 23:50 . 2012-07-05 18:39 -------- d-----w- d:\documents and settings\kimosabe\Application Data\Systweak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 00:08 . 2012-04-12 15:45 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-07-28 00:08 . 2012-01-28 22:47 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 00:08 . 2012-05-05 15:08 9230024 ----a-w- d:\windows\system32\FlashPlayerInstaller.exe
2012-07-16 15:16 . 2012-02-20 00:32 230840 ----a-r- d:\windows\system32\cpnprt2.cid
2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- d:\windows\system32\msxml4.dll
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- d:\windows\system32\win32k.sys
2012-06-05 15:50 . 2012-01-26 18:50 1372672 ----a-w- d:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- d:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- d:\windows\system32\schannel.dll
2012-06-02 21:19 . 2009-08-07 02:24 22040 ----a-w- d:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2012-01-26 17:06 329240 ----a-w- d:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2012-01-26 17:06 210968 ----a-w- d:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2012-01-26 17:06 219160 ----a-w- d:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- d:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2012-01-26 17:06 53784 ----a-w- d:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2012-01-26 17:06 35864 ----a-w- d:\windows\system32\wups.dll
2012-06-02 21:19 . 2009-08-07 02:24 45080 ----a-w- d:\windows\system32\wups2.dll
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- d:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2004-08-04 12:00 97304 ----a-w- d:\windows\system32\cdm.dll
2012-06-02 21:19 . 2009-08-07 02:24 17944 ----a-w- d:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2012-01-26 17:06 577048 ----a-w- d:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2012-01-26 17:06 1933848 ----a-w- d:\windows\system32\wuaueng.dll
2012-06-02 21:18 . 2012-02-07 23:12 275696 ----a-w- d:\windows\system32\mucltui.dll
2012-06-02 21:18 . 2012-02-07 23:12 214256 ----a-w- d:\windows\system32\muweb.dll
2012-06-02 21:18 . 2012-02-07 23:12 17136 ----a-w- d:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- d:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- d:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ------w- d:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- d:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( [email protected]_00.07.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-02 14:01 . 2012-08-02 14:01 16384 d:\windows\Temp\Perflib_Perfdata_9a0.dat
+ 2012-08-02 13:55 . 2012-08-02 13:56 16384 d:\windows\Temp\Perflib_Perfdata_740.dat
+ 2012-08-02 13:58 . 2012-07-28 15:42 13024 d:\windows\LastGood\system32\DRIVERS\SWDUMon.sys
- 2012-07-28 15:43 . 2012-07-28 15:34 13024 d:\windows\LastGood\system32\DRIVERS\SWDUMon.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "d:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}]
2011-05-09 08:49 176936 ----a-w- d:\program files\Incredibar-Games_EN\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-07 02:05 2074208 ----a-w- d:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "d:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-07 2074208]
"{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}"= "d:\program files\Incredibar-Games_EN\prxtbIncr.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}"= "d:\program files\Incredibar-Games_EN\prxtbIncr.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="d:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-21 39408]
"DriverUpdate"="d:\program files\DriverUpdate\DriverUpdate.exe" [2012-07-02 28215168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EEventManager"="d:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_TRAY"="d:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"vProt"="d:\program files\AVG Secure Search\vprot.exe" [2012-07-07 1107552]
"ISTray"="d:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-01-11 2659768]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HTC Sync Loader"="d:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"HF_G_Jul"="d:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
d:\documents and settings\kimosabe\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"d:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"d:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"d:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R?3 ThreatFire;ThreatFire;d:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> d:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [1/28/2012 8:45 PM 331880]
R0 pctDS;PC Tools Data Store;d:\windows\system32\drivers\pctDS.sys [1/28/2012 8:45 PM 342168]
R0 pctEFA;PC Tools Extended File Attributes;d:\windows\system32\drivers\pctEFA.sys [1/28/2012 8:45 PM 909728]
R0 TfFsMon;TfFsMon;d:\windows\system32\drivers\TfFsMon.sys [7/7/2012 6:08 PM 54328]
R0 TFSysMon;TfSysMon;d:\windows\system32\drivers\TfSysMon.sys [7/7/2012 6:08 PM 574424]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]
R1 pctgntdi;pctgntdi;d:\windows\system32\drivers\pctgntdi.sys [1/28/2012 8:47 PM 253352]
R1 PCTSD;PC Tools Spyware Doctor Driver;d:\windows\system32\drivers\PCTSD.sys [1/28/2012 8:45 PM 185560]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [1/28/2012 8:49 PM 546768]
R2 PassThru Service;Internet Pass-Through Service;d:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 12:06 PM 88576]
R2 sdAuxService;PC Tools Auxiliary Service;d:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [1/28/2012 8:47 PM 402336]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;d:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/6/2012 8:05 PM 935008]
R3 PCTBD;PC Tools Browser Defender Driver;d:\windows\system32\drivers\PCTBD.sys [1/28/2012 8:49 PM 56840]
R3 pctplsg;pctplsg;d:\windows\system32\drivers\pctplsg.sys [1/28/2012 8:47 PM 70536]
R3 TfNetMon;TfNetMon;d:\windows\system32\drivers\TfNetMon.sys [7/7/2012 6:08 PM 35264]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/28/2012 9:07 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 9:45 AM 250056]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [1/28/2012 9:07 PM 136176]
S3 HTCAND32;HTC Device Driver;d:\windows\system32\drivers\ANDROIDUSB.sys [4/7/2012 11:37 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;d:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 SWDUMon;SWDUMon;d:\windows\system32\drivers\SWDUMon.sys [7/6/2012 8:04 PM 13024]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:08]
.
2012-08-02 d:\windows\Tasks\AVG PC Tuneup Integrator Start On kimosabe Logon.job
- d:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-01-29 00:20]
.
2012-08-02 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 03:07]
.
2012-08-02 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 03:07]
.
.
------- Supplementary Scan -------
.
LSP: d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - d:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 08:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
d:\program files\PC Tools\PC Tools Security\TFEngine\TFNI.dll
.
- - - - - - - > 'lsass.exe'(808)
d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2340)
d:\windows\system32\WININET.dll
d:\program files\PC Tools\PC Tools Security\TFEngine\TFNI.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-02 08:25:48
ComboFix-quarantined-files.txt 2012-08-02 14:25
ComboFix2.txt 2012-08-02 00:19
.
Pre-Run: 478,610,997,248 bytes free
Post-Run: 478,597,062,656 bytes free
.
- - End Of File - - 39611647935527F6D0AC5A65BC34CBC4

Thanks!
Iris

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#9
iriss

    New Member

  • Topic Starter
  • Member
  • 7 posts
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
kimosabe :: SHEPHERD [administrator]

Protection: Enabled

8/5/2012 8:18:50 AM
mbam-log-2012-08-05 (08-18-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180172
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Sweet! Does that mean I'm in the clear?

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, looks like your problems with system performance are not malware related. Please do the following:
  • Please go here and click on Run Now.
  • Then follow instructions.
  • Test system performance.

#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please ignore my previous post as your operating system is not supported. Instead proceed with this:

To start Windows XP with a clean boot, follow these steps:

Step 1

  • Click Start, click Run, type msconfig, and then click OK.
  • The System Configuration Utility dialog box is displayed.
Step 2

  • In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
  • Click to clear the Process SYSTEM.INI File check box.
  • Click to clear the Process WIN.INI File check box.
  • Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart to restart the computer.

Test system performance.

#12
iriss

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you so much! My computer has stopped redirecting and is much faster than it was. It still freezes when I switch internet pages and if there is any animation such as Flash or even pictures on the screen, it takes longer. When Flash plays, the picture and sound are out of sync and freeze up. Could you maybe help me with this problem, too? Please?

#13
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Let's see specifications of your machine first. Please do the following:

  • Please download Speccy from here, then install and run it.
  • Wait a few minutes then click File menu then Save as Text file... and save report to your desktop.
  • Open that txt file in Notepad and find Operating System section and delete this line: Serial Number: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
  • Save it by clicking on File and then on Save.
  • Please attach that report in your next reply.

How to add an attachment to a new topic or reply

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.