Running slow, possible virus?

View previous topic View next topic Go down

Running slow, possible virus?

Post by wooowooo on Mon Oct 19, 2009 12:53 am

Laptop running way too slow, possible virus?
Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:32 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\1046827405\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IC Media Corp\Micro Webcam Basic IC50C\Launchpad.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\User\My Documents\Downloads\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1046827405\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 8972 bytes

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Mon Oct 19, 2009 1:50 am

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\iaStor.sys
    %systemroot%\System32\drivers\nvstor.sys
    %systemroot%\system32\drivers\atapi.sys

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Sat Nov 07, 2009 5:10 pm

Sorry for the delay, I must have missed the reply email. Thanks.

OTL Extras logfile created on: 11/7/2009 10:31:38 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.37 Mb Total Physical Memory | 143.74 Mb Available Physical Memory | 28.11% Memory free
863.17 Mb Paging File | 336.19 Mb Available in Paging File | 38.95% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 1.70 Gb Free Space | 9.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 66.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DDW-LAPTOP
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DIRECWAY\BIN\websetup.exe" = C:\Program Files\DIRECWAY\BIN\websetup.exe:*:Enabled:websetup -- File not found
"C:\Program Files\DIRECWAY\BIN\dpcnav.exe" = C:\Program Files\DIRECWAY\BIN\dpcnav.exe:*:Enabled:Navigator -- File not found
"C:\Program Files\Common Files\AOL\1046827405\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1046827405\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Documents and Settings\User\Desktop\programs\wowclient-downloader.exe" = C:\Documents and Settings\User\Desktop\programs\wowclient-downloader.exe:*:Enabled:wowclient-downloader -- (Blizzard Entertainment)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Anonymizer\Stealth Surfer\AnonUpdater.exe" = C:\Program Files\Anonymizer\Stealth Surfer\AnonUpdater.exe:*:Enabled:AnonUpdater -- ()
"C:\Program Files\Anonymizer\Stealth Surfer\privmgr.exe" = C:\Program Files\Anonymizer\Stealth Surfer\privmgr.exe:*:Enabled:Stealth Surfer -- ( )
"C:\Program Files\Anonymizer\Stealth Surfer\ptu.exe" = C:\Program Files\Anonymizer\Stealth Surfer\ptu.exe:*:Enabled:ptu -- ()
"C:\Program Files\Anonymizer\Stealth Surfer\approxy.exe" = C:\Program Files\Anonymizer\Stealth Surfer\approxy.exe:*:Enabled:approxy -- (Anonymizer.com)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft AB)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{02DF0F34-28A5-4756-9363-1D25B613437B}" = cds2
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}" = Micro Webcam Basic IC50C
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{669F3AD6-07C4-48EF-99F7-CF64EDB845E9}" = USB Susteen Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9C310857-43B8-4EB5-9551-132AF36D7A4E}" = Intel(R) PROSet
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D}" = AT&T Communication Manager
"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}" = Dr Watson for Microsoft Windows OneCare Live v1.0.0971.42
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D7FD13E2-EAFE-4F08-B00C-81688C153B5B}" = HiJaak Image Studio 1.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E19078E6-B368-4FE3-9E31-EA782A3D2C14}" = MControl Version 2.6.3
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E8498762-C133-40AA-9207-453F93BC66EA}" = WellSight Log Viewer 6
"{EB8D9C06-E107-41DC-8925-125FF1C413D5}" = Anonymizer Stealth Surfer
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006
"Game Elements GGE910 Wireless PC Control Pad" = Game Elements GGE910 Wireless PC Control Pad
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Installing HSP56 MicroModem Drivers" = PCTEL 2304WT V.9x MDC Modem Drivers
"InstallShield_{669F3AD6-07C4-48EF-99F7-CF64EDB845E9}" = USB Susteen Driver
"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"LogPlot 2005" = LogPlot 2005
"LogPlot 7" = LogPlot 7
"LogView 2005" = LogView 2005
"Mainlog" = Mainlog
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Parallel Port Joystick" = Parallel Port Joystick
"PROR" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"SAFWORLD" = Safeworld PC Surveillance
"ST6UNST #1" = ScreenPrint32 v3.5
"StreetPlugin" = Learn2 Player (Uninstall Only)
"VB Decompiler Lite_is1" = VB Decompiler Lite 3.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAVR" = WinAVR 20070122 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Perfect PRO Office 1.1.2" = Perfect PRO Office 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2009 1:14:45 AM | Computer Name = DDW-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 9/30/2009 1:05:02 AM | Computer Name = DDW-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application zcfgsvc.exe, version 4.1.0.53, faulting module
zcfgsvc.exe, version 4.1.0.53, fault address 0x0001323b.

Error - 9/30/2009 1:07:35 AM | Computer Name = DDW-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 3/18/2009 1:04:07 AM | Computer Name = DDW-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/18/2009 1:04:56 AM | Computer Name = DDW-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/18/2009 1:05:01 AM | Computer Name = DDW-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/4/2003 1:28:43 AM | Computer Name = DDW-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/4/2003 1:28:43 AM | Computer Name = DDW-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/4/2009 5:30:09 PM | Computer Name = DDW-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 11/7/2009 12:32:15 PM | Computer Name = DDW-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

[ MSFWSVC Events ]
Error - 7/18/2009 1:02:23 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 7/20/2009 1:02:09 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 7/22/2009 1:04:01 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 7/30/2009 2:05:39 PM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 8/19/2009 1:31:05 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 8/23/2009 1:02:23 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 8/31/2009 3:27:29 PM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 9/6/2009 1:04:05 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 3/18/2009 1:03:01 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

Error - 3/4/2003 1:24:48 AM | Computer Name = DDW-LAPTOP | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x8007276B, Error Message: WSAStartup cannot function at this time
because the underlying system it uses to provide network services is currently unavailable.
.

[ OSession Events ]
Error - 7/30/2009 2:13:39 PM | Computer Name = DDW-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 139
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/7/2009 12:11:24 PM | Computer Name = DDW-LAPTOP | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 11/7/2009 12:11:57 PM | Computer Name = DDW-LAPTOP | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 11/7/2009 12:13:48 PM | Computer Name = DDW-LAPTOP | Source = MSFWDrv | ID = 262153
Description = The device, , did not respond within the timeout period.

Error - 11/7/2009 12:13:56 PM | Computer Name = DDW-LAPTOP | Source = MSFWDrv | ID = 262153
Description = The device, , did not respond within the timeout period.

Error - 11/7/2009 12:14:18 PM | Computer Name = DDW-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 11/7/2009 12:14:24 PM | Computer Name = DDW-LAPTOP | Source = MSFWDrv | ID = 262153
Description = The device, , did not respond within the timeout period.

Error - 11/7/2009 12:14:43 PM | Computer Name = DDW-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 11/7/2009 12:14:49 PM | Computer Name = DDW-LAPTOP | Source = MSFWDrv | ID = 262153
Description = The device, , did not respond within the timeout period.

Error - 11/7/2009 12:15:14 PM | Computer Name = DDW-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 11/7/2009 12:15:35 PM | Computer Name = DDW-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

[ Windows OneCare Events ]
Error - 1/7/2008 7:49:33 AM | Computer Name = OFFICE-LAPTOP | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Auto Epson Stylus COLOR 1520 ESC/P 2 on UNIT26 MachineName = OFFICE-LAPTOP ShareName
= DriverName = Epson Stylus COLOR 1520 ESC/P 2 Driver FileName = UNIDRV.DLL Driver
Version = 3 Driver File Creation date = 126384192000000000 Driver Port = NETWORK Eligibility
For Sharing = 1 Shared By OneCare = 0 Pre-OneCare Status = 1 Local Printer = 0 Sharing
Status = 1 Error Type = 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid = {2B979AE2-439E-4EEE-8B02-78869118B757}

Error - 1/7/2008 7:49:43 AM | Computer Name = OFFICE-LAPTOP | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.


< End of report >

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Sat Nov 07, 2009 5:13 pm

OTL logfile created on: 11/7/2009 10:31:37 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.37 Mb Total Physical Memory | 143.74 Mb Available Physical Memory | 28.11% Memory free
863.17 Mb Paging File | 336.19 Mb Available in Paging File | 38.95% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 1.70 Gb Free Space | 9.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 66.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DDW-LAPTOP
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/07 10:27:58 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2009/11/07 10:27:58 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2009/09/13 23:12:14 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/27 23:22:05 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/27 23:22:04 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/27 23:22:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2009/07/09 11:15:38 | 00,065,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2009/07/09 11:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2009/07/05 23:26:59 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/05 23:26:45 | 00,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/03/22 01:24:50 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 04:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/12 12:46:08 | 09,555,968 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
PRC - [2008/12/12 12:46:08 | 09,555,968 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
PRC - [2008/07/09 16:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/24 12:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1046827405\ee\aolsoftware.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2007/09/18 06:42:04 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2006/10/23 06:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2006/01/28 17:35:10 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2004/02/20 04:36:48 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/02/20 04:34:06 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/02/20 04:32:58 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2002/02/13 11:18:10 | 00,036,864 | ---- | M] () -- C:\Program Files\IC Media Corp\Micro Webcam Basic IC50C\launchpad.exe


========== Modules (SafeList) ==========

MOD - [2009/11/07 10:27:58 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/27 23:22:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2009/07/09 11:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/07/05 23:26:39 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/09 16:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 18:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/09/18 06:56:46 | 00,109,080 | ---- | M] (PCTEL) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2007/09/18 06:42:04 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 06:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/01/28 17:35:10 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/02/20 04:34:06 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/02/20 04:32:58 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 13:29:54 | 00,139,264 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/22 01:27:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/27 23:22:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/04 13:00:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/13 23:13:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/13 23:13:09 | 00,000,000 | ---D | M]

[2009/08/17 12:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/08/17 12:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/04 15:38:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k70ej2sf.default\extensions
[2003/03/03 23:36:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k70ej2sf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/17 12:14:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/13 23:13:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 23:12:00 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/09/13 23:12:02 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/13 23:12:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 01:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1046827405\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [PRIVANAL] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchpad.lnk = C:\Program Files\IC Media Corp\Micro Webcam Basic IC50C\launchpad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 83 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/21 11:32:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13bbdaf0-e9a8-11dc-add9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{13bbdaf0-e9a8-11dc-add9-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13bbdaf0-e9a8-11dc-add9-00038a000015}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{eb0eb370-4dff-11d7-acb8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{eb0eb370-4dff-11d7-acb8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb0eb370-4dff-11d7-acb8-00038a000015}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/09/21 11:31:40 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: PCTVOICE - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: OneCareMP - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: OneCareMP - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D5974C5-5185-4f5b-80B6-28015ACDD74C} - q319182
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL ()
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 14 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[64 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2009/11/07 10:22:30 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/07 10:22:28 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/07 10:22:25 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/07 10:18:48 | 00,001,005 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/07 10:14:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 23:02:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 23:02:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[64 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/19 19:23:22 | 00,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2009/03/24 23:10:51 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\GGE910cp.dll
[2009/03/22 07:43:28 | 03,734,328 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/03/22 00:42:19 | 00,021,109 | ---- | C] () -- C:\WINDOWS\System32\drivers\etusbf.sys
[2009/02/19 03:53:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CDS2DATAENTRY.INI
[2009/02/18 01:38:30 | 00,000,038 | ---- | C] () -- C:\WINDOWS\CDSIMPORT2.INI
[2008/04/20 22:12:12 | 00,000,068 | ---- | C] () -- C:\WINDOWS\System32\msset.sys
[2008/03/22 05:18:38 | 01,289,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\XRNBO.sys
[2008/03/03 23:14:03 | 00,025,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/06/19 18:57:28 | 00,000,141 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2007/06/19 18:57:24 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2007/06/19 18:57:24 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2007/06/17 00:12:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/22 18:14:58 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/14 12:50:16 | 00,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2007/05/03 22:44:24 | 00,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2007/05/03 22:44:24 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2007/05/03 22:44:24 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2007/05/03 22:43:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/03/21 10:30:59 | 00,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2007/03/21 10:30:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2007/03/21 10:28:52 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2007/03/21 10:28:52 | 00,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
[2007/03/06 13:32:39 | 00,000,095 | ---- | C] () -- C:\Documents and Settings\User\Application Data\sversion.ini
[2007/03/06 00:06:13 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ICMSetup532.dll
[2007/03/06 00:02:39 | 00,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/09/21 20:43:52 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/09/21 15:02:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 12:58:21 | 00,071,272 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/09/21 11:54:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2006/09/21 06:11:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/07/15 12:35:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/02/20 04:33:34 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2004/01/30 08:37:50 | 00,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/10/20 22:11:46 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2003/09/10 01:17:24 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 01:17:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/03/04 00:38:50 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/03/04 00:02:13 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/13 16:40:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
[2003/01/30 06:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\STLPMT45.DLL
[2002/06/25 15:50:00 | 00,001,005 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/06/25 15:47:50 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/03/01 13:43:34 | 00,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/12/03 15:50:58 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 15:50:20 | 00,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2000/07/07 05:49:30 | 00,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 15:28:12 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 15:24:10 | 00,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/03/03 23:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2007/03/24 07:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/06/04 23:43:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/09/21 17:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/20 20:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.bsnes
[2008/03/03 23:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AT&T
[2008/04/02 08:15:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CoolFlvMan
[2008/04/02 08:13:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CoolYouTubeDownloader
[2008/03/03 23:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DBUpdater
[2007/12/24 00:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Echo Software
[2006/09/21 20:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/03/03 23:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sierra Wireless
[2002/06/25 15:42:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/05/23 02:11:59 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2009/11/06 23:02:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2002/06/05 11:00:28 | 00,065,536 | ---- | M] () -- C:\Amcap532.exe
[2003/03/05 16:28:26 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[64 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\scecli.dll >
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[64 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Sat Nov 07, 2009 9:10 pm

Please download [You must be registered and logged in to see this link.] to your desktop

  • Double click the program to run it. It will only take a few seconds to run.
  • You will be prompted to press any key at the end to close it
  • Once it is finished, it will remove itself. If not, delete it yourself


==

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Sat Nov 07, 2009 10:43 pm

Thank you again for your help. Here is the systemlook log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:38 on 07/11/2009 by User (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [21:27 25/08/2008] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll -----c 181248 bytes [07:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [21:45 25/06/2002] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [21:27 25/08/2008] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -----c 407040 bytes [07:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [21:42 25/06/2002] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [21:28 25/08/2008] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -----c 56320 bytes [07:56 04/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [21:38 25/06/2002] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "winlogon.exe"
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [21:26 25/08/2008] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -----c 507904 bytes [07:56 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 507904 bytes [21:50 25/06/2002] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "comres.dll"
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [21:28 25/08/2008] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll -----c 792064 bytes [07:56 04/08/2004] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [21:37 25/06/2002] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D

Searching for "crypt32.dll"
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [21:28 25/08/2008] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\$NtUninstallQ329115$\crypt32.dll -----c 554496 bytes [18:05 21/09/2006] [21:37 25/06/2002] D3E5375BBC19AB4853D1331854F673A9
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll -----c 599040 bytes [07:56 04/08/2004] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 599040 bytes [20:10 23/09/2002] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [21:27 25/08/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe -----c 33280 bytes [07:56 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [21:45 25/06/2002] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

Searching for "sfc.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [21:27 25/08/2008] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ServicePackFiles\i386\sfc.dll -----c 5120 bytes [07:56 04/08/2004] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\sfc.dll --a--- 5120 bytes [21:46 25/06/2002] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3

Searching for "svchost.exe"
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [21:27 25/08/2008] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe -----c 14336 bytes [07:56 04/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [21:47 25/06/2002] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [21:36 25/06/2002] [21:36 25/06/2002] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [21:36 25/06/2002] [21:36 25/06/2002] DA1F27D85E0D1525F6621372E7B685E9

Searching for "wscntfy.exe"
C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe -----c 13824 bytes [21:30 25/08/2008] [07:56 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe -----c 13824 bytes [07:56 04/08/2004] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\system32\wscntfy.exe ------ 13824 bytes [07:56 04/08/2004] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:26 25/08/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys -----c 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [21:36 25/06/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Sat Nov 07, 2009 11:40 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Sun Nov 08, 2009 3:43 am

Malwarebytes' Anti-Malware 1.41
Database version: 3119
Windows 5.1.2600 Service Pack 3

11/7/2009 9:42:11 PM
mbam-log-2009-11-07 (21-42-11).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 193027
Time elapsed: 2 hour(s), 59 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\My Documents\Downloads\Activex_Setup.45158.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\keylogplot\RockWare.LogPlot.2005.v5.11.3.Incl.Keymaker-AGAiN\Keymaker.exe (Trojan.Downloader) -> Not selected for removal.
C:\Documents and Settings\User\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Sun Nov 08, 2009 11:18 pm

Code:
C:\Documents and Settings\User\My Documents\keylogplot\RockWare.LogPlot.2005.v5.11.3.Incl.Keymaker-AGAiN\Keymaker.exe (Trojan.Downloader) -> Not selected for removal.

That needs removed, please. It is not a false positive, it is the leading cause of infection on your computer.

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Mon Nov 09, 2009 9:32 pm

I reran it and deleted the keygenerator program.

Malwarebytes' Anti-Malware 1.41
Database version: 3119
Windows 5.1.2600 Service Pack 3

11/9/2009 2:41:41 PM
mbam-log-2009-11-09 (14-41-41).txt

Scan type: Quick Scan
Objects scanned: 6
Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\User\my documents\keylogplot\RockWare.LogPlot.2005.v5.11.3.Incl.Keymaker-AGAiN\Keymaker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
---------------------
some of these are friendly work files and others are keygerators that a coworker put on here, played with some but haven't used most of them.
ckfiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\user\application data\macromedia\flash player\#sharedobjects\z9hkj99t\crackle.com\cracklesettings.sol
c:\documents and settings\user\application data\macromedia\flash player\#sharedobjects\z9hkj99t\crackle.com\tracking.sol
c:\documents and settings\user\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
(edited)
----- EOF -----

Thanks.


Last edited by wooowooo on Thu Nov 12, 2009 12:54 am; edited 1 time in total

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Tue Nov 10, 2009 1:46 am

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware." Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

==

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Tue Nov 10, 2009 2:10 am

Wow, thanks for the info, I will discontinue use of that stuff!

BitDefender QuickScan Beta v0.9.7.8
-----------------------------------

Scan date: Mon Nov 09 19:57:36 2009
Machine ID: 6CC73027



No infection found.
---------------------


Processes
---------
Google Quick Search Box 1652 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
Launchpad.exe 2164 C:\Program Files\IC Media Corp\Micro Webcam Basic IC50C\Launchpad.exe
MySpace Instant Messenger 1712 C:\Program Files\MySpace\IM\MySpaceIM.exe
MySpace Instant Messenger 3120 C:\Program Files\MySpace\IM\MySpaceIM.exe
Bytemobile Web Configuration Service 1880 C:\WINDOWS\system32\bmwebcfg.exe
CrypKey NT Service 1896 C:\WINDOWS\system32\crypserv.exe
RegSrvc Module 2024 C:\WINDOWS\system32\RegSrvc.exe
Event Monitor - Supports driver extensions to NIC 916 C:\WINDOWS\system32\S24EvMon.exe
ZeroCfgSvc MFC Application 1904 C:\WINDOWS\system32\ZCfgSvc.exe

OneCare Setup Package 1132 C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BKBEDY3C\SetupOneCare[1].exe
Windows Live OneCare Setup 200 C:\fd088d0781a70b328db5eae85710\ocsetup.exe
waolmon 3380 C:\Program Files\AOL 9.1\shellmon.exe
AOL Software 2080 C:\Program Files\AOL 9.1\waol.exe
AOL 1600 C:\Program Files\Common Files\AOL\1046827405\ee\AOLSoftware.exe
AOL Connectivity Service 1852 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
AOL TopSpeed 856 C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
RealNetworks Scheduler 1640 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
GoogleToolbarNotifier 640 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Java(TM) Quick Starter Service 1976 C:\Program Files\Java\jre6\bin\jqs.exe
Java(TM) Update Checker 1668 C:\Program Files\Java\jre6\bin\jucheck.exe
Java(TM) Platform SE binary 1616 C:\Program Files\Java\jre6\bin\jusched.exe
Ad-Aware Service 1244 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
Service Executable 3232 C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
Firefox 3196 C:\Program Files\Mozilla Firefox\firefox.exe
System settings protector 740 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Windows Explorer 1024 C:\WINDOWS\Explorer.EXE
Application Layer Gateway Service 860 C:\WINDOWS\System32\alg.exe
Client Server Runtime Process 512 C:\WINDOWS\system32\csrss.exe
CTF Loader 1692 C:\WINDOWS\system32\ctfmon.exe
LSA Shell (Export Version) 592 C:\WINDOWS\system32\lsass.exe
Windows® installer 2564 C:\WINDOWS\system32\msiexec.exe
Services and Controller app 580 C:\WINDOWS\system32\services.exe
Windows NT Session Manager 456 C:\WINDOWS\System32\smss.exe
Spooler SubSystem App 1340 C:\WINDOWS\system32\spoolsv.exe
Generic Host Process for Win32 Services 1820 C:\WINDOWS\System32\svchost.exe
Generic Host Process for Win32 Services 976 C:\WINDOWS\System32\svchost.exe
Generic Host Process for Win32 Services 156 C:\WINDOWS\System32\svchost.exe
Generic Host Process for Win32 Services 756 C:\WINDOWS\system32\svchost.exe
Generic Host Process for Win32 Services 804 C:\WINDOWS\system32\svchost.exe
Generic Host Process for Win32 Services 1088 C:\WINDOWS\System32\svchost.exe
Generic Host Process for Win32 Services 876 C:\WINDOWS\System32\svchost.exe
Windows NT Logon Application 536 C:\WINDOWS\system32\winlogon.exe
Windows Security Center Notification App 1436 C:\WINDOWS\system32\wscntfy.exe
Windows Update 2816 C:\WINDOWS\system32\wuauclt.exe
Windows Update 3648 C:\WINDOWS\system32\wuauclt.exe


Network activity
----------------
Process MySpaceIM.exe (1712) connected on port 1863 (MSN) - 204.16.33.175
Process waol.exe (2080) connected on port 5190 (AIM/ICQ) - 64.12.8.93
Process waol.exe (2080) connected on port 5190 (AIM/ICQ) - 64.12.25.169
Process MySpaceIM.exe (3120) connected on port 9919 - 142.103.114.163
Process firefox.exe (3196) connected on port 80 (HTTP) - 96.6.252.20
Process firefox.exe (3196) connected on port 80 (HTTP) - 74.125.127.101
Process firefox.exe (3196) connected on port 80 (HTTP) - 74.125.127.101

Process svchost.exe (804) listens on ports: 135 (RPC)
Process MySpaceIM.exe (3120) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 31138


Autoruns and critical files
---------------------------
Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Google Quick Search Box C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRONotifyMgr Module C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Microsoft Office 2000 component C:\Program Files\Microsoft Office\Office\OSA9.EXE
MySpace Instant Messenger C:\Program Files\MySpace\IM\MySpaceIM.exe
qttask.exe C:\Program Files\QuickTime\qttask.exe
LogonNotify DLL C:\WINDOWS\system32\LgNotify.dll

AOL Software C:\Program Files\AOL 9.1\AOL.EXE
ATTCM.EXE C:\Program Files\AT&T\Communication Manager\ATTCM.exe
AOL C:\Program Files\Common Files\AOL\1046827405\ee\AOLSoftware.exe
RealNetworks Scheduler C:\Program Files\Common Files\Real\Update_OB\realsched.exe
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Java(TM) Platform SE binary C:\Program Files\Java\jre6\bin\jusched.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Microsoft Malware Protection Command Line Utility C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
Windows Live OneCare Tray Notification C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
System settings protector C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Shell Browser UI Library C:\WINDOWS\system32\browseui.dll
Crypto API32 C:\WINDOWS\system32\crypt32.dll
Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
Offline Network Agent C:\WINDOWS\system32\cscdll.dll
CTF Loader C:\WINDOWS\system32\ctfmon.exe
DIMS Notification Handler C:\WINDOWS\system32\dimsntfy.dll
Windows Logon UI C:\WINDOWS\system32\logonui.exe
Secondary Logon Service Notification DLL C:\WINDOWS\system32\sclgntfy.dll
Windows Shell Common Dll C:\WINDOWS\system32\shell32.dll
Systray shell service object C:\WINDOWS\system32\stobject.dll
Userinit Logon Application c:\windows\system32\userinit.exe
Web Site Monitor C:\WINDOWS\system32\webcheck.dll
Windows Genuine Advantage Notification C:\WINDOWS\system32\WgaLogon.dll
Common DLL to receive Winlogon notifications C:\WINDOWS\system32\wlnotify.dll
Windows Portable Device Shell Service Object C:\WINDOWS\system32\WPDShServiceObj.dll


Browser plugins
---------------
Java(TM) Quick Starter binary c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
RealJukebox Netscape Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
6.0.12.69 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
MetaStream 3 Plugin r4 C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
InstallShield Update Service Setup Player Module C:\WINDOWS\Downloaded Program Files\dwusplay.dll
InstallShield Update Service Setup Player C:\WINDOWS\Downloaded Program Files\dwusplay.exe
InstallShield Update Service Web Agent C:\WINDOWS\Downloaded Program Files\isusweb.dll
Adobe Shockwave for Director Netscape plug-in, ver C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Bytemobile Network Provider C:\WINDOWS\system32\bmnet.dll

Fast Search c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
Google Toolbar c:\program files\google\google toolbar\googletoolbar_32.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
Java(TM) Platform SE binary c:\program files\java\jre6\bin\jp2ssv.dll
Windows Messenger C:\Program Files\Messenger\msmsgs.exe
Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
SBSD IE Protection c:\program files\spybot - search & destroy\sdhelper.dll
EPUWALControl Module C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
LMIProxyHelper.exe C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe
Microsoft Support Diagnostic Tool Control C:\WINDOWS\Downloaded Program Files\MSDcode.dll
MySpace Uploader Control C:\WINDOWS\Downloaded Program Files\MySpaceUploader2.ocx
RACtrl.dll C:\WINDOWS\Downloaded Program Files\RACtrl.dll
Microsoft Layer for Unicode on Win9x Systems (MSLU C:\WINDOWS\Downloaded Program Files\unicows.dll
Windows Presentation Foundation (WPF) plug-in for c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Network Diagnostic for Windows XP C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Internet Explorer C:\WINDOWS\system32\ieframe.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Microsoft Windows Sockets 2.0 Service Provider C:\WINDOWS\system32\mswsock.dll
Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll


Missing files
-------------
File not found: c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
referenced in: HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(default)


Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\system32\ckldrv.sys
C:\WINDOWS\System32\Drivers\etusbf.sys

Upload started - 2 file(s)
Upload: C:\WINDOWS\System32\Drivers\etusbf.sys - 21109 bytes, hash: ace0afe3ed33e77162e9c4c79e7b668c
Upload: C:\WINDOWS\system32\ckldrv.sys - 31846 bytes, hash: 22533a4dd98189310b1b48c3b425ef5b
Upload speed - 5 KB/s
Upload finished - 2 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 22 sec
Total traffic - 0.11 MB sent, 3.24 KB recvd
Scanned 1200 files and modules - 620 seconds

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Tue Nov 10, 2009 2:37 am

Something noteworthy, My windows live onecare quit and started acting up on me. I uninstalled. The computer seemed better. I reinstalled, then it seemed slow again. Thanks.

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Tue Nov 10, 2009 3:02 am

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Tue Nov 10, 2009 11:09 am

i uploaded it as instructed, and clicked submit, you could see it working, but then nothing happens and it goes back to the home page. What did I do wrong? Thanks for all that you do.

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Tue Nov 10, 2009 3:29 pm

What browser did you use?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Wed Nov 11, 2009 11:20 pm

Hey, I was using firefox, but now running it in IE. Thanks.

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Wed Nov 11, 2009 11:28 pm

humm. same response. Please advise thanks.

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Thu Nov 12, 2009 12:46 am

got it:

[You must be registered and logged in to see this link.]

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Thu Nov 12, 2009 5:16 am

Please open Malwarebytes' Anti-Malware, and click More Tools tab. Under FileASSASSIN, click Run Tool.

For each file listed below (this process only handles one file at a time), find its location, and you will see the name of the file in the Filename box, then click Open.

File to delete using FileASSASSIN:
C:\WINDOWS\system32\drivers\XRNBO.sys


The FileASSASSIN will then delete the file, or ask you to reboot your computer in order to delete it. Please allow it to reboot, if necessary.

==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Thu Nov 12, 2009 6:02 am

I took care of it, here is the log, Thanks.

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Windows Live OneCare
Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
Microsoft Windows Live OneCare Resources v2.5.2900.28
GTOneCare
Dr Watson for Microsoft Windows OneCare Live v1.0.0971.42
Microsoft Windows OneCare Live v2.5.2900.28
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Windows Defender Signatures
HijackThis 2.0.2
Java(TM) 6 Update 14
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by Dr Jay on Thu Nov 12, 2009 6:29 am

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Running slow, possible virus?

Post by wooowooo on Fri Nov 13, 2009 10:22 pm

Thank you, you were very detailed and really appreciate it.

wooowooo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-09-30
OS OS : xp
Points Points : 27003
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum