Slow computer - not sure if virus / malware

Post by efcdcdb on Wed Nov 09, 2011 3:56 am

I am not sure if I have malware. My computer has been running very slow, so I posted on a different forum topic and was directed here. Here is my OTL log:

OTL logfile created on: 11/8/2011 10:06:04 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 130.29 Mb Available Physical Memory | 25.88% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.17% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 42.77 Gb Free Space | 57.39% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 22:04:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.com
PRC - [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/06 15:30:46 | 002,705,752 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/16 17:23:48 | 000,939,776 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2005/06/16 17:15:34 | 000,444,160 | ---- | M] (Zone Labs LLC) -- C:\Program Files\Zone Labs\Integrity Client\iclient.exe
PRC - [2005/01/27 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABA.EXE
PRC - [2004/10/27 01:49:14 | 000,073,728 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 04:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/04/23 18:20:48 | 005,182,464 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 17:31:14 | 000,167,936 | ---- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\smpWebIde\NativeMobileNotifier.dll
MOD - [2011/10/14 21:22:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 21:10:11 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 21:09:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 20:19:51 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/13 20:19:50 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/13 20:19:48 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/13 20:19:48 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/13 20:19:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/13 20:19:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/13 20:19:40 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/13 20:19:39 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/13 20:19:36 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/13 20:19:27 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/09/28 19:38:30 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/03/02 19:58:26 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/06 11:00:48 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/06 11:00:48 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/06 11:00:47 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/06 11:00:46 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/06 11:00:46 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/06 11:00:46 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/06 11:00:45 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/06 11:00:45 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/06 11:00:45 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/01/26 21:13:02 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/01/26 21:13:01 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/01/26 21:13:00 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2011/01/26 21:12:59 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2011/01/26 21:12:59 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2011/01/26 21:12:59 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2011/01/26 21:12:57 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/26 21:12:56 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/02/06 13:46:22 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/06 13:46:21 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/06 13:46:19 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/06 13:46:19 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/06 13:46:19 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/06 13:46:19 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/06 13:46:18 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/06 13:46:18 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/06 13:46:17 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/15 20:16:48 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/15 20:16:48 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/15 20:16:48 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/15 20:16:47 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/15 20:16:47 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/15 20:16:47 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/15 17:38:48 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/01/19 15:47:18 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/01/19 15:47:17 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/01/19 15:38:57 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/01/12 18:56:14 | 000,071,504 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\taskdll.dll
MOD - [2009/01/12 18:56:00 | 000,059,216 | ---- | M] () -- C:\Program Files\IObit\IObit SmartDefrag\NtfsData.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\WMP54GS Wireless Network Monitor\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSVC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/12/11 04:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2005/06/16 17:23:48 | 000,939,776 | ---- | M] (Zone Labs LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2004/08/04 04:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 21:04:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23E0D57F-3BE8-490E-92E5-2CAD3C3759BD}\MpKsl5d5bab1f.sys -- (MpKsl5d5bab1f)
DRV - [2005/06/16 17:23:36 | 000,203,272 | ---- | M] (Zone Labs LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/27 00:57:38 | 002,284,864 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 04:54:32 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/19 10:51:02 | 000,300,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.rr.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.9rc4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:5.0.9.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.20.00
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111107&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Cheryl\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Cheryl\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Cheryl\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/15 10:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/18 18:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 19:04:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Cheryl\Application Data\Move Networks [2009/10/30 09:42:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/15 10:48:48 | 000,000,000 | ---D | M]

[2009/10/02 20:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Extensions
[2011/11/08 22:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions
[2011/08/28 17:58:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/07/20 19:04:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/11/08 22:01:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/10/01 10:19:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/10/16 12:09:27 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions\2020Player_WEB@2020Technologies.com
[2011/11/06 19:31:32 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\extensions\plugin@yontoo.com
[2011/11/06 19:31:05 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\1uuh4bg0.default\searchplugins\bing-zugo.xml
[2011/11/07 19:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 09:42:24 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHERYL\APPLICATION DATA\MOVE NETWORKS
[2009/10/31 18:06:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/06 18:07:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/09/26 20:02:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartDefrag] C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\Integrity Client\iclient.exe (Zone Labs LLC)
O4 - HKCU..\Run: [NativeMobileNotifier] C:\Documents and Settings\Cheryl\Local Settings\Application Data\smpWebIde\NativeMobileNotifier.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} [You must be registered and logged in to see this link.] (Microsoft RDP Client Control (redist))
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} [You must be registered and logged in to see this link.] (Domino Web Access 7 Control)
O16 - DPF: {E1861630-32C2-4FF4-ADE8-D9BE7F2EE4D4} [You must be registered and logged in to see this link.] (StmtsCacheControl.StmtsCacheDeleter)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O16 - DPF: Garmin Internet Explorer Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86351465-424E-4960-B5B2-E39EE9C2557E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cheryl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cheryl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/18 14:23:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)


efcdcdb
Intermediate

Posts : 58
Joined : 2009-09-25
OS : XP
Points : 26785
# Likes : 0

Re: Slow computer - not sure if virus / malware

Post by efcdcdb on Wed Nov 09, 2011 3:57 am

Post #2 (OTL cont'd)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 22:04:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.com
[2011/11/08 19:37:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/11/06 19:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/11/06 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/11/06 19:29:34 | 000,237,656 | ---- | C] (OpenInstall ) -- C:\Documents and Settings\Cheryl\Desktop\setup_PlayPickle_v1.exe
[2011/11/04 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cheryl\Recent
[2011/11/01 18:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\smpWebIde
[2011/10/13 20:17:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 22:04:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.com
[2011/11/08 22:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/08 21:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 21:09:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/08 21:08:03 | 000,477,188 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 21:08:03 | 000,078,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 21:04:34 | 000,000,577 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/08 21:03:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 21:03:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 19:26:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 22:00:11 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/11/06 20:10:18 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2011/11/06 19:34:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2011/11/06 19:30:08 | 000,237,656 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\Cheryl\Desktop\setup_PlayPickle_v1.exe
[2011/11/04 19:04:11 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/04 17:58:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/30 15:25:06 | 003,179,520 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/10/30 15:25:06 | 001,500,160 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/10/29 19:57:27 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/14 21:06:53 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/10 09:22:41 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 19:34:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/11/04 19:04:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/27 21:40:44 | 000,282,594 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/06 18:16:01 | 000,438,368 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/15 10:51:26 | 000,022,742 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/11/15 10:47:31 | 000,022,742 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/10/02 20:36:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/20 20:27:55 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2008/06/12 20:00:04 | 000,066,532 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/06/12 20:00:04 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/06/12 20:00:04 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/06/12 20:00:04 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/06/12 20:00:04 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/06/12 20:00:04 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/06/12 20:00:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/06/12 20:00:04 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/06/12 20:00:04 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/06/12 20:00:04 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/06/12 20:00:04 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/06/12 20:00:04 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/06/12 20:00:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/06/12 20:00:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/12 19:57:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2008/05/23 20:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/05/23 20:02:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2008/01/18 15:53:09 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2008/01/18 15:53:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/01/18 15:51:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/18 15:48:30 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66EF.ini
[2008/01/18 15:36:05 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/01/18 15:04:09 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/01/18 15:04:08 | 000,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/01/18 15:02:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/01/18 14:55:20 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/18 14:49:52 | 000,000,878 | R--- | C] () -- C:\WINDOWS\System32\qs3ant.ini
[2008/01/18 14:25:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/18 14:20:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/18 09:14:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/18 09:11:48 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/28 19:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/24 23:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 23:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,477,188 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,078,014 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2008/05/30 23:09:46 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\avenger.exe
[2011/03/27 17:18:25 | 004,143,544 | ---- | M] (Garmin International) -- C:\Documents and Settings\Cheryl\Desktop\GarminMapUpdater_v2.5.17.exe
[2009/01/25 11:53:11 | 2057,756,582 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\garmin_rmu_cnnant2009_1.exe
[2009/09/25 19:56:55 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Cheryl\Desktop\HJTInstall.exe
[2009/11/15 10:47:20 | 027,325,416 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\hp_smart_web_printing.exe
[2011/03/02 19:57:40 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Cheryl\Desktop\install_flash_player.exe
[2010/02/28 20:55:33 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\mbr.exe
[2011/04/12 20:48:32 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cheryl\Desktop\mseinstall.exe
[2010/02/28 19:16:28 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2010/03/02 18:32:04 | 000,508,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTM.exe
[2011/11/06 19:30:08 | 000,237,656 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\Cheryl\Desktop\setup_PlayPickle_v1.exe
[2010/05/29 20:57:45 | 006,260,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cheryl\Desktop\Silverlight.exe
[2010/10/28 16:47:50 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Cheryl\Desktop\spywareblastersetup44.exe
[2009/10/01 21:06:33 | 526,443,824 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cheryl\Desktop\X12-30062.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2008/08/26 18:22:08 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cheryl\My Documents\FileFormatConverters.exe
[2010/04/10 13:32:57 | 2214,896,284 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\garmin_rmu_cnnant2010_40.exe
[2008/01/26 19:13:07 | 013,413,048 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\Google_Earth_BZXD.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/28 19:38:28 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/28 19:38:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/28 19:38:36 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/10/07 18:06:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/26 19:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2008/11/15 09:58:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/25 19:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/11/15 09:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/01/25 20:55:55 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2008/05/23 20:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/11/04 17:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/01/18 15:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2010/09/08 20:16:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/01/18 14:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/03/09 22:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/06/26 19:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\EasyGPS
[2008/06/12 20:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2010/04/10 14:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2008/07/23 09:20:16 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2011/07/14 20:22:35 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/07/04 23:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/11/07 18:48:17 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/18 14:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/10/13 20:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/08 19:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2008/11/15 09:59:31 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2008/11/15 09:59:52 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/11/03 21:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/25 19:18:33 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/02/10 15:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\LogicWeave
[2011/10/29 19:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/26 18:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/01/18 14:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/01/18 15:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2011/06/29 19:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/08/13 16:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2008/01/18 15:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/01 21:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/18 21:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/03/27 17:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/14 00:51:53 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/10/10 11:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/02/06 10:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/08/26 18:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/01/18 14:19:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/01/18 14:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/04/26 21:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/08/26 17:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/01/18 14:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 22:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/15 09:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/06 10:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/01/18 15:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/11/04 18:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2008/08/31 22:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2011/04/12 20:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/09/25 20:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2011/01/17 14:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2010/08/15 09:51:06 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2008/01/18 14:41:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/01 17:37:09 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/09/02 18:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/26 17:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/18 14:22:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/03/24 17:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/01/18 15:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\WMP54GS Wireless Network Monitor
[2008/01/18 14:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/03/08 19:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2011/11/06 19:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime
[2008/01/18 15:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/26 17:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/26 17:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/26 17:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/26 17:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/26 17:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/26 17:50:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-09 02:02:28

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 19:38:36 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 19:38:36 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 19:38:36 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/17 07:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/17 07:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/17 07:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/08/17 06:01:37 | 000,634,632 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 19:38:36 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 19:38:36 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 19:38:36 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 19:38:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/17 07:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/17 07:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/17 07:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/08/17 06:01:37 | 000,634,632 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Re: Slow computer - not sure if virus / malware

Post by Gabethebabe on Wed Nov 09, 2011 12:48 pm

Hi there!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, it doesn't mean it is clean yet!

====================

Analysis of a suspicious file.
  • Please go to the Virustotal website by clicking [You must be registered and logged in to see this link.]
  • Click the Browse button and in the Name field paste:
    C:\Documents and Settings\Cheryl\Local Settings\Application Data\smpWebIde\NativeMobileNotifier.dll
  • Click Open and click Send File
  • If Virustotal informs you that "File has already been analysed", click Reanalyse file now
  • An analysis report will appear. Copy and paste the url (something like [You must be registered and logged in to see this link.]) into your next reply.

====================

Please download aswMBR by Alwil Software from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.

====================

Please download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.


Re: Slow computer - not sure if virus / malware

Post by efcdcdb on Thu Nov 10, 2011 2:20 am

Hi - thanks for helping me. Here is my stuff:

[You must be registered and logged in to see this link.]

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-09 20:56:48
-----------------------------
20:56:48.500 OS Version: Windows 5.1.2600 Service Pack 3
20:56:48.500 Number of processors: 2 586 0x401
20:56:48.500 ComputerName: HOMEPC UserName: Cheryl
20:56:50.093 Initialize success
20:57:06.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:57:06.984 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
20:57:08.984 Disk 0 MBR read successfully
20:57:08.984 Disk 0 MBR scan
20:57:08.984 Disk 0 Windows XP default MBR code
20:57:08.984 Disk 0 scanning sectors +156280320
20:57:09.000 Disk 0 malicious Win32:MBRoot code @ sector 156280323 !
20:57:09.000 Disk 0 PE file @ sector 156280345 !
20:57:09.046 Disk 0 scanning C:\WINDOWS\system32\drivers
20:57:16.421 Service scanning
20:57:18.359 Service MpKsl776ee80a c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BBA4872-5CDF-43D9-B9AF-AF8861E7E36B}\MpKsl776ee80a.sys **LOCKED** 32
20:57:18.593 Service vsdatant C:\WINDOWS\system32\vsdatant.sys **LOCKED** 32
20:57:19.125 Modules scanning
20:57:23.093 Disk 0 trace - called modules:
20:57:23.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:57:23.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f825d0]
20:57:23.125 3 CLASSPNP.SYS[f87c1fd7] -> nt!IofCallDriver -> \Device\00000089[0x82f29210]
20:57:23.125 5 ACPI.sys[f8738620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f65030]
20:57:23.125 Scan finished successfully
20:57:32.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cheryl\Desktop\MBR.dat"
20:57:32.546 The log file has been saved successfully to "C:\Documents and Settings\Cheryl\Desktop\aswMBR.txt"

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8128

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/9/2011 9:11:33 PM
mbam-log-2011-11-09 (21-11-32).txt

Scan type: Quick scan
Objects scanned: 161750
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\documents and settings\Cheryl\local settings\application data\smpwebide\nativemobilenotifier.dll (IPH.Trojan.Blueinit) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NativeMobileNotifier (IPH.Trojan.Blueinit) -> Value: NativeMobileNotifier -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Cheryl\local settings\application data\smpwebide\nativemobilenotifier.dll (IPH.Trojan.Blueinit) -> Delete on reboot.

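The aswMBR log above reports "malicious Win32:MBRoot code @ sector 156280323 !" and "PE file @ sector 156280345 !" while scanning from sector +156280320, and the instructions earlier in the thread warn that the tool can raise false alarms on rootkit entries. The check a practitioner wants at this point is whether the flagged sectors lie inside a real partition or in the unpartitioned space after the last one, which is where bootkits park their payload. The following script is an added example written for this page, not part of the thread or of aswMBR: it parses the log lines posted above (embedded as a constructed excerpt), reads the partition table out of a 512-byte MBR such as the MBR.dat that aswMBR saved, and places each finding relative to the partitioned area. The MBR used here is constructed, with a single NTFS partition assumed to start at LBA 63 and end at sector 156280320 to match the log's "scanning sectors" line; on the real machine you would pass the bytes of MBR.dat instead.

```python
import re
import struct

SECTOR = 512

# Constructed excerpt of the aswMBR log posted in the thread; the finding
# lines are copied from the post. This is sample input, not read from disk.
ASWMBR_LOG = """\
20:57:06.984 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
20:57:08.984 Disk 0 MBR read successfully
20:57:08.984 Disk 0 Windows XP default MBR code
20:57:08.984 Disk 0 scanning sectors +156280320
20:57:09.000 Disk 0 malicious Win32:MBRoot code @ sector 156280323 !
20:57:09.000 Disk 0 PE file @ sector 156280345 !
20:57:23.125 Scan finished successfully
"""


def parse_aswmbr(text):
    """Return (disk_size_in_sectors, [(description, sector), ...]).

    aswMBR marks noteworthy lines with a trailing '!' and gives the
    sector they refer to; the disk size comes from the 'Vendor' line.
    """
    size_sectors = None
    findings = []
    for line in text.splitlines():
        m = re.search(r"Size:\s*(\d+)MB", line)
        if m:
            size_sectors = int(m.group(1)) * 1024 * 1024 // SECTOR
        m = re.search(r"Disk \d+ (.+?) @ sector (\d+) !", line)
        if m:
            findings.append((m.group(1), int(m.group(2))))
    return size_sectors, findings


def last_partition_end(mbr):
    """Parse the four primary entries of a classic MBR partition table and
    return the LBA one past the last sector any partition uses."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    end = 0
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]                       # 0x00 = unused slot
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count:
            end = max(end, start_lba + count)
    return end


def build_mbr(partitions):
    """Constructed MBR for the example (hypothetical, not the user's MBR.dat).
    partitions: list of (type_byte, start_lba, sector_count)."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(partitions):
        off = 446 + 16 * i
        mbr[off] = 0x80 if i == 0 else 0x00    # boot flag on the first entry
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def triage(log_text, mbr):
    """Place every flagged sector relative to the partitioned area."""
    size_sectors, findings = parse_aswmbr(log_text)
    part_end = last_partition_end(mbr)
    report = []
    for desc, sector in findings:
        if size_sectors is not None and sector >= size_sectors:
            where = "past end of disk (check geometry)"
        elif sector >= part_end:
            where = "beyond last partition"
        else:
            where = "inside a partition"
        report.append((desc, sector, where))
    return part_end, report


# Assumed geometry: one NTFS (0x07) partition from LBA 63 ending at 156280320,
# chosen to match the log's "scanning sectors +156280320" line.
EXAMPLE_MBR = build_mbr([(0x07, 63, 156280320 - 63)])

if __name__ == "__main__":
    part_end, report = triage(ASWMBR_LOG, EXAMPLE_MBR)
    print("last partition ends at sector", part_end)
    for desc, sector, where in report:
        print(f"{desc} @ {sector}: {where}")
```

Both findings land in the gap between the end of the partition and the end of the disk, which is consistent with a payload hidden in unpartitioned space rather than a mis-detection inside normal file-system data; the same function run against the real MBR.dat tells you whether that holds on the actual machine.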

Re: Slow computer - not sure if virus / malware

Post by Gabethebabe on Thu Nov 10, 2011 6:38 am

OK, so the file I suspected was indeed malware, but Malwarebytes has found it too and got rid of it.

I think the main problem of the slowness of your computer is this:
[You must be registered and logged in to see this link.] wrote:
503.48 Mb Total Physical Memory | 130.29 Mb Available Physical Memory | 25.88% Memory free

You have little memory available. You should try and free up some memory. I see you are running ZoneAlarm Firewall. That is usually fine, but on computers with <1GB of memory, I recommend not running a third party firewall, but trusting the built in Windows firewall.

Also running iobit smartdefrag is redundant. You don't need continuous defragging of your HD; once in a blue moon (every 2 months or so) running some defrag tool is good enough.

You could visit blackviper.com and check out Windows services you can disable to free up resources (for example the indexing service).

Also bring up the processes tab of task manager (CTRL-SHIFT-ESC to open task manager) and look through all running processes. Google the ones you do not recognize and find out to which software they belong, if they are vital or not and whether you want to keep them or not. If you think there are processes you do not want, use Google again to find out how to disable them.

I think with these steps you should try and optimize your computer bit-by-bit and hopefully it will start running better!


Re: Slow computer - not sure if virus / malware

Post by efcdcdb on Mon Nov 14, 2011 2:10 am

Thanks! Sorry for the delayed response - I was out of town. I will try some of your tips. Appreciate the help!

