Slow start up, Errors and much more

Post by pappy on Fri Sep 02, 2011 9:41 pm

I'm using a refurbished IBM ThinkCentre. Since I bought it, it has been slow on start up, pages load slowly, and the tower makes a loud whining sound. I'm using AVG anti-virus and Advanced SystemCare, but nothing shows up.

OTL logfile created on: 9/2/2011 5:06:40 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Pappy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.48 Mb Total Physical Memory | 405.19 Mb Available Physical Memory | 39.94% Memory free
2.39 Gb Paging File | 1.65 Gb Available in Paging File | 69.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 120.23 Gb Free Space | 80.68% Space Free | Partition Type: NTFS

Computer Name: IBM-D4EDF8C2442 | User Name: Pappy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/02 17:05:55 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pappy\My Documents\Downloads\OTL(1).com
PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/09/28 13:55:10 | 000,303,936 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/30 12:52:52 | 000,047,456 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/12 21:22:42 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2003/03/26 06:34:12 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/25 22:04:37 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/15 13:27:20 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko5.dll
MOD - [2011/07/08 03:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/02/18 12:50:34 | 000,533,504 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\npchromeplugin.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/02/02 22:39:56 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2010/10/04 17:55:30 | 000,264,704 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\npwmi.dll
MOD - [2010/10/04 17:55:14 | 000,292,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\npsurvey.dll
MOD - [2010/10/04 17:55:04 | 000,184,320 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\npsp1.dll
MOD - [2010/10/04 17:48:26 | 000,485,376 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\communication.dll
MOD - [2010/09/28 13:49:18 | 000,247,296 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/28 13:55:10 | 000,303,936 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/29 15:10:04 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/12/29 15:09:44 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/12/29 15:08:04 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/12/29 15:08:02 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/22 17:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:1.0.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - prefs.js..extensions.enabledItems: {6cbc25b0-0a52-11df-8a39-0800200c9a66}:1.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.0.8
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbe39d8&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Pappy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter3\FFAddon\ [2011/05/23 22:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/11 22:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 08:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com [2011/05/20 13:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/27 17:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 19:26:55 | 000,000,000 | ---D | M]

[2010/06/28 15:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Extensions
[2010/06/28 15:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/11/20 16:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/15 13:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions
[2010/07/22 10:26:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 20:35:27 | 000,000,000 | ---D | M] (WhiteSmoke Toolbar) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[2011/07/07 08:46:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/01 14:59:53 | 000,000,000 | ---D | M] (Shop to Win4) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
[2011/08/15 13:52:50 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/20 13:17:27 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\extensions\searchtoolbar@zugo.com
[2011/06/02 20:15:17 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\askcom.xml
[2011/05/20 13:17:29 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\bing-zugo.xml
[2009/10/16 13:05:34 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\bing.xml
[2009/12/31 22:03:27 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\mywebsearch.xml
[2010/07/24 13:18:13 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\searchplugins\sweetim.xml
[2011/07/07 08:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 07:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/01 07:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 18:57:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 07:10:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 06:12:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PAPPY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\E701NAD5.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2011/08/09 08:28:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/11 22:45:16 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/04/07 20:43:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/22 20:32:55 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2010/09/25 21:47:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59CB0C36-08F6-41D2-B8BE-D08342A56B53}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Pappy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pappy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 17:29:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.ivimp3en - C:\WINDOWS\System32\IviMp3En.acm (Intervideo Inc.)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 07:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/08/13 13:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Local Settings\Application Data\PackageAware
[2011/08/11 18:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pappy\Local Settings\Application Data\Unity
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/02 17:02:43 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoCare.job
[2011/09/02 17:00:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011/09/02 16:45:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2011/09/02 16:03:18 | 130,856,529 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/02 15:59:08 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/09/02 15:56:34 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/02 15:56:33 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2011/09/02 15:56:33 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/09/02 15:56:32 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/09/02 15:56:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/31 19:18:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\prvlcl.dat
[2011/08/29 20:48:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/28 02:16:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2011/08/25 22:04:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/24 05:33:56 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Dover .url
[2011/08/20 17:01:59 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/20 17:01:55 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/19 18:33:55 | 002,023,340 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\photo 1.JPG
[2011/08/16 20:49:01 | 000,119,928 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\288593_10150286521653770_691798769_7656334_5918267_o.jpg
[2011/08/16 20:33:46 | 001,578,306 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\2011-08-16 20.11.23(1).jpg
[2011/08/16 17:46:10 | 001,578,306 | R--- | M] () -- C:\Documents and Settings\Pappy\My Documents\2011-08-16 20.11.23.jpg
[2011/08/14 08:52:09 | 001,542,294 | ---- | M] () -- C:\Documents and Settings\Pappy\My Documents\Boy Scouts.bmp
[2011/08/14 07:13:39 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/08/12 19:49:26 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Pappy\Desktop\Gmail.url
[2011/08/11 03:05:30 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 03:05:30 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 08:28:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 05:33:37 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Dover .url
[2011/08/19 18:34:25 | 002,023,340 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\photo 1.JPG
[2011/08/16 20:49:14 | 000,119,928 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\288593_10150286521653770_691798769_7656334_5918267_o.jpg
[2011/08/16 20:46:21 | 001,578,306 | R--- | C] () -- C:\Documents and Settings\Pappy\My Documents\2011-08-16 20.11.23.jpg
[2011/08/16 20:34:02 | 001,578,306 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\2011-08-16 20.11.23(1).jpg
[2011/08/14 08:52:09 | 001,542,294 | ---- | C] () -- C:\Documents and Settings\Pappy\My Documents\Boy Scouts.bmp
[2011/08/14 07:13:19 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/12 19:49:05 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Pappy\Desktop\Gmail.url
[2010/07/16 18:20:02 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2010/07/16 18:20:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2010/06/28 16:13:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/06/28 16:13:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/06/28 16:13:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/06/28 16:13:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/06/28 16:13:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/06/28 16:13:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/01/16 10:06:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/10 18:34:52 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 09:44:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pappy\Local Settings\Application Data\prvlcl.dat
[2009/09/30 09:39:07 | 000,007,314 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009/09/30 09:36:43 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/09/24 13:23:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/20 17:31:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 17:26:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/20 17:06:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/20 09:19:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/20 09:18:52 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/21 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/21 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/21 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/21 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/21 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/21 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/21 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/21 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/21 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/21 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/21 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/08/21 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2011/05/20 06:58:05 | 000,001,714 | -H-- | M] () -- C:\Documents and Settings\Pappy\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/07/08 03:16:28 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/07/08 03:16:28 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/07/08 03:16:28 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/07/07 08:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/20 17:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/07/20 11:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/06/02 21:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2010/10/19 20:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/07/25 18:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/20 17:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/03/01 20:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dome Publishing Company
[2011/01/18 15:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2011/03/20 19:57:42 | 000,000,000 | ---D | M] -- C:\Program Files\FUJIFILM
[2011/08/28 14:09:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/09/30 09:40:47 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/12/25 19:03:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/08/11 03:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/28 16:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2011/04/27 17:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/06/02 21:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\IObit Toolbar
[2010/05/02 20:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/03/01 06:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/24 13:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/07/07 08:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/03/20 17:29:43 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/01/15 20:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/09/29 06:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/07/07 08:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/13 03:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/01 19:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/10/17 09:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/29 06:34:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/09/24 13:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/20 17:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/20 17:27:45 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/16 16:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\NetRatingsNetSight
[2010/12/16 22:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Games Downloader
[2009/03/20 17:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/17 04:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/12/04 12:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/06/20 18:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2011/07/25 18:41:11 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/17 09:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/05/20 13:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2010/08/01 10:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2011/05/20 13:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Superfish
[2010/08/29 21:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\SweetIM
[2011/01/01 14:59:02 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2011/06/27 22:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel Toolbar
[2010/06/28 15:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/06/28 15:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2010/01/16 07:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/03/20 17:40:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/12/23 20:35:32 | 000,000,000 | ---D | M] -- C:\Program Files\whitesmoketoolbar
[2010/05/08 22:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/05/08 22:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/20 17:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/20 17:28:13 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/03/20 17:29:43 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/04 12:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\Xobni
[2010/02/21 20:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/21 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/08/21 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/21 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/08/21 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/08/21 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/08/21 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/08/21 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-24 07:00:36

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/21 07:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/21 07:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/21 07:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 07:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/21 07:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/21 07:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/21 07:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 07:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


Re: Slow start up, Errors and much more

Post by Dr Jay on Sat Sep 03, 2011 12:32 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: Slow start up, Errors and much more

Post by pappy on Sat Sep 03, 2011 1:30 am

ComboFix 11-09-02.04 - Pappy 09/02/2011 21:20:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.239 [GMT -4:00]
Running from: c:\documents and settings\Pappy\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pappy\Application Data\facemoods.com
c:\documents and settings\Pappy\My Documents\158.jpg
c:\documents and settings\Pappy\My Documents\Downloads\PowerPointViewer.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\whitesmoketoolbar\whITesmoketoolbarx.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-02 21:46 . 2011-09-03 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-02 21:46 . 2011-09-02 21:46 -------- d-----w- c:\program files\AVAST Software
2011-08-14 11:24 . 2011-08-14 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-13 17:21 . 2011-08-13 17:21 -------- d-----w- c:\documents and settings\Pappy\Local Settings\Application Data\PackageAware
2011-08-11 22:06 . 2011-08-11 22:06 -------- d-----w- c:\documents and settings\Pappy\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 02:04 . 2011-07-07 11:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-08-21 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-08-21 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-03-20 21:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2008-08-21 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2008-08-21 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2008-08-21 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2008-08-21 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2008-08-21 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-08-21 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-07-08 07:16 . 2011-07-07 11:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-6-28 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Pappy\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Pappy\\My Documents\\Downloads\\Facemoods.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [7/16/2010 4:58 PM 24192]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [7/16/2010 4:58 PM 15360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [4/27/2011 5:40 PM 328536]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [5/6/2011 5:33 PM 393112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [1/26/2011 5:04 PM 303936]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [7/16/2010 4:58 PM 10368]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/7/2011 5:03 AM 947528]
S3 cpuz134;cpuz134;\??\c:\docume~1\Pappy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Pappy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [7/16/2010 4:58 PM 9088]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/21/2008 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-09-02 c:\windows\Tasks\ASC4_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-04-27 20:38]
.
2011-09-03 c:\windows\Tasks\ASC4_AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-04-27 20:38]
.
2011-09-02 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-04-27 20:38]
.
2011-09-03 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-27 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 192.168.10.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Pappy\Application Data\Mozilla\Firefox\Profiles\e701nad5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Pappy\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-02 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-09-02 21:27:30
ComboFix-quarantined-files.txt 2011-09-03 01:27
ComboFix2.txt 2010-09-26 23:45
.
Pre-Run: 129,098,612,736 bytes free
Post-Run: 129,142,149,120 bytes free
.
- - End Of File - - 3067A2CBFED4964B2F462AD8C000C54E

pappy
Novice

Posts : 41
Joined : 2010-01-16
Gender : Male
OS : Windows XP
Protection : AVG Free edition
Points : 25705
# Likes : 0


Re: Slow start up, Errors and much more

Post by Dr Jay on Sat Sep 03, 2011 11:28 am

Scan for malware

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13714
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302072
# Likes : 10


Re: Slow start up, Errors and much more

Post by pappy on Sat Sep 03, 2011 11:57 am

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 17:23:30
-----------------------------
17:23:30.421 OS Version: Windows 5.1.2600 Service Pack 3
17:23:30.421 Number of processors: 2 586 0x401
17:23:30.421 ComputerName: IBM-D4EDF8C2442 UserName: Pappy
17:23:31.593 Initialize success
17:23:46.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:23:46.890 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
17:23:48.906 Disk 0 MBR read successfully
17:23:48.906 Disk 0 MBR scan
17:23:48.906 Disk 0 Windows XP default MBR code
17:23:48.921 Disk 0 scanning sectors +312496380
17:23:49.000 Disk 0 scanning C:\WINDOWS\system32\drivers
17:23:53.531 Service scanning
17:23:54.468 Modules scanning
17:23:59.359 Disk 0 trace - called modules:
17:23:59.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
17:23:59.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86378ab8]
17:23:59.375 3 CLASSPNP.SYS[f765bfd7] -> nt!IofCallDriver -> \Device\00000066[0x8634ee98]
17:23:59.375 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863cf940]
17:23:59.390 Scan finished successfully
17:24:31.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pappy\Desktop\MBR.dat"
17:24:31.796 The log file has been saved successfully to "C:\Documents and Settings\Pappy\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-03 07:50:37
-----------------------------
07:50:37.375 OS Version: Windows 5.1.2600 Service Pack 3
07:50:37.375 Number of processors: 2 586 0x401
07:50:37.375 ComputerName: IBM-D4EDF8C2442 UserName: Pappy
07:50:37.859 Initialize success
07:50:51.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:50:51.656 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
07:50:53.687 Disk 0 MBR read successfully
07:50:53.687 Disk 0 MBR scan
07:50:53.687 Disk 0 Windows XP default MBR code
07:50:53.687 Disk 0 scanning sectors +312496380
07:50:53.765 Disk 0 scanning C:\WINDOWS\system32\drivers
07:50:59.671 Service scanning
07:51:00.687 Modules scanning
07:51:05.015 Disk 0 trace - called modules:
07:51:05.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
07:51:05.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863c8ab8]
07:51:05.062 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\00000067[0x863d5f18]
07:51:05.062 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86335d98]
07:51:05.062 Scan finished successfully
07:51:37.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pappy\Desktop\MBR.dat"
07:51:37.500 The log file has been saved successfully to "C:\Documents and Settings\Pappy\Desktop\aswMBR.txt"


Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7642

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/3/2011 7:44:26 AM
mbam-log-2011-09-03 (07-44-26).txt

Scan type: Quick scan
Objects scanned: 181551
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Pappy\my documents\downloads\pcmightymax2010_610.exe (Rogue.PcMightyMax) -> Quarantined and deleted successfully.
c:\documents and settings\Pappy\my documents\downloads\whitesmokewritergeo5002_en(2).exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Pappy\my documents\downloads\whitesmokewritergeo5002_en.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Re: Slow start up, Errors and much more

Post by Dr Jay on Sat Sep 03, 2011 12:05 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Slow start up, Errors and much more

Post by pappy on Sat Sep 03, 2011 2:38 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0a4bc70ea6fee64eba23701a0b308e5b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-09-03 02:28:41
# local_time=2011-09-03 10:28:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777173 100 97 0 58113462 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=57305
# found=27
# cleaned=27
# scan_time=6404
C:\Documents and Settings\Pappy\My Documents\Downloads\Facemoods.exe probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 9957B0472BC21740D1424781D6306277 C
C:\Documents and Settings\Pappy\My Documents\Downloads\PDFConverterSetup.exe a variant of Win32/InstallCore.C application (cleaned by deleting - quarantined) DD0DAB4E73E0EF12BA8DD01BBF11B905 C
C:\Documents and Settings\Pappy\My Documents\Downloads\registrybooster(1).exe Win32/RegistryBooster application (deleted - quarantined) 727A34F00DA5DF2993896033C58E2ED9 C
C:\Documents and Settings\Pappy\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) F5242905EF4178E99CCA3A82335BE23E C
C:\Documents and Settings\Pappy\My Documents\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 23F450AC8F9230ADB66B081890490F41 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 57CF98BDE75221EDA9E242EA346F9745 C
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 8CD9E7BC107216D6BB81B0799603CD93 C
C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 4EDE4EA39E4FC5CA4190DB4B6C20DA34 C
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 5DDB11EA4AE68DC90C4D3EB427C290D3 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP280\A0035730.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP284\A0036083.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP285\A0036556.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP290\A0037412.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP291\A0037695.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP293\A0038050.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP293\A0038135.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP293\A0038535.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 3A3A9BD1CF4461EF6752301F778233D9 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP316\A0040634.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) EC7815D393C8021DBFAD69489971A2EC C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP316\A0040635.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) BD45CDCD16DBBB6D1BA1D7AAFB0B3D43 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP316\A0040636.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 440F1DE6FE3CD83E9C41CF22D1C2C5EC C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP316\A0040637.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 6479FE1F31B537398BD493F3DBF6CA06 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP316\A0040638.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 68BD15916EDFD537899CB6FFACB95C84 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP316\A0040639.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 1049D48BD75DBA0BB9456B06CDB6FAD4 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP337\A0043822.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 5DDB11EA4AE68DC90C4D3EB427C290D3 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP337\A0043925.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 57CF98BDE75221EDA9E242EA346F9745 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP337\A0043926.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 8CD9E7BC107216D6BB81B0799603CD93 C
C:\System Volume Information\_restore{A87A0163-732C-4158-A189-60C867A880C8}\RP337\A0043927.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 4EDE4EA39E4FC5CA4190DB4B6C20DA34 C


Re: Slow start up, Errors and much more

Post by Dr Jay on Sun Sep 04, 2011 11:49 pm

How is it running now?


Dr. Jay (DJ)



Re: Slow start up, Errors and much more

Post by pappy on Sun Sep 04, 2011 11:54 pm

It's running better but still slow at start up, and the tower is still making the annoying high-pitched whine. It's quiet at first but gets louder as time goes on.


Re: Slow start up, Errors and much more

Post by Dr Jay on Mon Sep 05, 2011 11:27 am

The whining noise has to do with your onboard speaker usually. Only way to get rid of the sound is to disconnect it.

Download Autoruns for Windows: [You must be registered and logged in to see this link.]
No installation required.
Simply unzip the Autoruns.zip file, and double-click the autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.



Attach the file to your next reply.


Dr. Jay (DJ)



Re: Slow start up, Errors and much more

Post by pappy on Mon Sep 05, 2011 11:59 am

I downloaded it but I'm not getting any drop-down menu.


Re: Slow start up, Errors and much more

Post by Dr Jay on Wed Sep 07, 2011 11:20 am

Post a screenshot of what you are seeing wrong...


Dr. Jay (DJ)



Re: Slow start up, Errors and much more

Post by pappy on Wed Sep 07, 2011 11:44 am

I right-click on it but I can't get a screenshot. What am I doing wrong? Plus I still get an error message at start up but then the page eventually opens.


Re: Slow start up, Errors and much more

Post by Dr Jay on Fri Sep 09, 2011 10:49 am

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)


