Slow Computer

Post by redarrow62 on Mon Jun 04, 2012 1:31 am

Problems I'm having:
1. Internet programs not loading
2. Page not available on several sites
3. Constant hourglass or "circlejerks"

OTL logfile created on: 6/3/2012 5:37:52 PM - Run 7
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Rick-Temp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 72.30% Memory free
5.72 Gb Paging File | 5.21 Gb Available in Paging File | 91.11% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 120.00 Gb Free Space | 51.55% Space Free | Partition Type: NTFS

Computer Name: KATHY-1 | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Rick-Temp\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files\Dell V305\dldtmon.exe ()
PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dldtcoms.exe ( )
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll ()
MOD - C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll ()
MOD - C:\Program Files\Dell V305\dldtmsdmon.exe ()
MOD - C:\Program Files\Dell V305\dldtmon.exe ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll ()
MOD - C:\Program Files\Dell V305\app4r.monitor.core.dll ()
MOD - C:\Program Files\Dell V305\app4r.monitor.common.dll ()
MOD - C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Dell V305\dldtdrs.dll ()
MOD - C:\Program Files\Dell V305\dldtscw.dll ()
MOD - C:\Program Files\Dell V305\dldtcaps.dll ()
MOD - C:\Program Files\Dell V305\dldtmonr.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dldtdrpp.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\DLDTcfg.dll ()
MOD - C:\Program Files\Dell V305\DLDTcfg.dll ()
MOD - C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Dell V305\dldtcnv4.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtdatr.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()
MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\jst.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (dldtCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe ()
SRV - (dldt_device) -- C:\WINDOWS\system32\dldtcoms.exe ( )
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ZDPSp50) -- System32\Drivers\ZDPSp50.sys File not found
DRV - (WDICA) -- File not found
DRV - (rt2870) -- system32\DRIVERS\rt2870.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Kathy\LOCALS~1\Temp\catchme.sys File not found
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (GFI Software)
DRV - (sbtis) -- C:\WINDOWS\system32\drivers\sbtis.sys (GFI Software)
DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (GFI Software)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (GFI Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (GFI Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (GFI Software)
DRV - (SBFWIMCLMP) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (GFI Software)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (GFI Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (ZD1211BU(Linksys A Division of Cisco Systems Inc.)) Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {5228D251-F194-469C-9990-761737553270}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{5228D251-F194-469C-9990-761737553270}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [You must be registered and logged in to see this link.]


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kathy\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Kathy\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/10/31 16:10:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} [You must be registered and logged in to see this link.] (JordanUploader Class)
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} [You must be registered and logged in to see this link.] (PCConfigTool.ATMailConfig)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DD64062-423F-4BEE-AF81-EA64C9719CCB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/23 21:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 19:09:01 | 000,000,000 | ---D | C] -- C:\REG-Cure
[2012/05/26 21:17:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kathy\Start Menu\Programs\Administrative Tools
[2012/05/26 09:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012/05/26 08:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\adaware
[2012/05/26 08:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
[2012/05/26 08:48:20 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2012/05/26 08:48:20 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2012/05/26 08:48:19 | 000,217,976 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2012/05/26 08:48:19 | 000,093,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2012/05/26 08:48:12 | 000,094,584 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2012/05/26 08:48:11 | 000,335,224 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2012/05/26 08:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
[2012/05/26 08:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/05/21 12:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Ad-Aware Antivirus
[2012/05/05 10:06:03 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 17:33:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1220945662-682003330-1004UA.job
[2012/06/03 17:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 17:00:23 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/06/03 15:09:16 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Microsoft Word.lnk
[2012/06/03 12:00:06 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/06/03 12:00:01 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Desktop\Ad-Aware Antivirus.lnk
[2012/06/03 09:05:17 | 000,028,557 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\535797_10151037369643465_1503152084_n.jpg
[2012/06/03 07:43:26 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/03 07:40:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/02 16:33:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/06/01 06:33:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1220945662-682003330-1004Core.job
[2012/05/30 21:42:45 | 000,013,584 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\BIRTHDAY2.jpg
[2012/05/30 21:41:04 | 000,056,209 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\BIRTHDAYjpg.jpg
[2012/05/29 19:09:40 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Desktop\RegCure.lnk
[2012/05/28 22:04:32 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/25 21:56:58 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/05/25 21:56:58 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/05/23 20:36:52 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Google Chrome.lnk
[2012/05/23 20:36:52 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/11 13:25:40 | 000,024,647 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\150099_329068243830325_164582840278867_806430_1113720281_n.jpg
[2012/05/11 06:35:14 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 08:55:58 | 000,441,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 08:55:58 | 000,071,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/10 08:52:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/07 19:59:26 | 000,011,064 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\images.jpg
[2012/05/05 10:06:06 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 10:06:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/05 10:06:04 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 09:05:25 | 000,028,557 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\535797_10151037369643465_1503152084_n.jpg
[2012/05/30 21:43:00 | 000,013,584 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\BIRTHDAY2.jpg
[2012/05/30 21:41:23 | 000,056,209 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\BIRTHDAYjpg.jpg
[2012/05/26 09:15:57 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/05/26 08:48:21 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Desktop\Ad-Aware Antivirus.lnk
[2012/05/11 13:25:47 | 000,024,647 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\150099_329068243830325_164582840278867_806430_1113720281_n.jpg
[2012/05/07 19:59:33 | 000,011,064 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\images.jpg
[2012/02/15 07:06:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/23 09:49:05 | 000,000,305 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2011/05/23 09:47:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011/04/20 09:18:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 09:18:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/27 17:52:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/07/18 20:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2012/05/26 09:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\Ad-Aware Antivirus
[2008/07/29 11:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/08 22:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/12/24 22:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/12/29 21:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/07/06 13:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2008/07/06 13:27:04 | 000,000,000 | ---D | M] -- C:\Program Files\Dell PC Fax
[2009/08/19 17:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Dell V305
[2009/07/24 20:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\dl_Cats
[2010/10/28 21:28:03 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/06/23 22:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/06/23 22:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\hp
[2009/09/08 14:09:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/08/14 17:32:52 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2012/04/12 11:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/11/07 06:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/04/15 19:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2011/09/28 16:33:05 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2012/04/11 13:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/06 19:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/05/18 12:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/07/07 18:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/07/07 18:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/14 19:45:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/27 17:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/12 15:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/21 08:38:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/06/23 21:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/06/23 21:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/07/05 19:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/21 08:34:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/10/06 18:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/06/23 21:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 16:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/08/20 20:15:58 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2009/08/01 11:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picturetrail Photo Editor
[2009/11/08 22:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/11/24 15:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/06/27 16:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/21 08:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/11/25 19:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2008/06/23 23:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/07/05 19:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/08/28 18:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\support.com
[2012/05/26 08:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/05/23 09:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company
[2011/11/15 18:23:43 | 000,000,000 | ---D | M] -- C:\Program Files\Toolbar Cleaner
[2008/06/24 00:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2011/12/04 14:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/12/04 14:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/06 18:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/06/23 21:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/06/23 22:56:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/06 18:38:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/10/06 18:38:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/06 18:38:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/06 18:38:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/10/06 18:38:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/10/06 18:38:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-23 20:02:51

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Kathy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Women of the Bible devotions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character teen 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character Preteen version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\WEB_PAGE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Tidewater Cats:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Teen Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Strength for the Day:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Stockings Were Hung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Single Step:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\SEMINARS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Rock Your World:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\RECIPES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Print Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Pine Grove Explorer's Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Parenting Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Organizational:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\On the Homefront:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Moving Day Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Middle School Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\LABELS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Junior Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\JESSICA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jasmine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M The Bible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Family:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Especially Special Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\IDEAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Home Alone Handbook:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Guy's Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Grieving Families:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gotta Have God 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Geo Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gather My Children:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FOYC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FICTION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Emerald Coast series:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\emerald 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Christmas through the Year:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\CGG to Me the quizbook:Roxio EMC Stream

< End of report >
ASWMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 18:01:59
-----------------------------
18:01:59.921 OS Version: Windows 5.1.2600 Service Pack 3
18:01:59.921 Number of processors: 2 586 0x6B01
18:01:59.937 ComputerName: KATHY-1 UserName: Kathy
18:02:01.203 Initialize success
18:04:03.359 AVAST engine defs: 12060301
18:23:32.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
18:23:32.031 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
18:23:32.046 Disk 0 MBR read successfully
18:23:32.046 Disk 0 MBR scan
18:23:32.093 Disk 0 Windows XP default MBR code
18:23:32.093 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:23:32.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238369 MB offset 98304
18:23:32.125 Disk 0 scanning sectors +488278016
18:23:32.203 Disk 0 scanning C:\WINDOWS\system32\drivers
18:23:42.421 Service scanning
18:23:58.281 Modules scanning
18:24:34.578 Disk 0 trace - called modules:
18:24:34.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:24:34.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adedab8]
18:24:34.593 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8ad67f18]
18:24:34.593 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ad0a940]
18:24:35.046 AVAST engine scan C:\WINDOWS
18:24:56.046 AVAST engine scan C:\WINDOWS\system32
18:27:55.921 AVAST engine scan C:\WINDOWS\system32\drivers
18:28:17.015 AVAST engine scan C:\Documents and Settings\Kathy
18:45:23.531 AVAST engine scan C:\Documents and Settings\All Users
19:12:58.281 Scan finished successfully
20:28:23.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kathy\Desktop\MBR.dat"
20:28:23.937 The log file has been saved successfully to "C:\Documents and Settings\Kathy\Desktop\aswMBR.txt"




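An added illustration of what the "< MD5 for: ... >" custom scans in the OTL log above are for (my own example code, not OTL's and not part of redarrow62's post): OTL hashes every copy of a critical driver or DLL it can find, so the helper can compare the live copy in system32 against the Service Pack baseline in ServicePackFiles\i386. A live driver whose hash matches the baseline (or an installed hotfix copy under $hf_mig$) is fine; a live hash that matches nothing is the pattern left by the driver-patching rootkits these forums dealt with. The copy under $NtServicePackUninstall$ legitimately differs because it is the pre-SP3 file. The ATAPI.SYS and NETLOGON.DLL blocks are copied from the log above; the EXAMPLE.SYS block, its name and its hashes are constructed to show a mismatch.

```python
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+?)\s*$")

# OTL "< MD5 for: NAME >" output. ATAPI.SYS and NETLOGON.DLL are copied from the
# log above; EXAMPLE.SYS is a constructed block (fake driver, fake hashes).
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

< MD5 for: EXAMPLE.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\example.sys
"""


def classify_path(path):
    """Say which role a copy plays: live file, SP baseline, hotfix, pre-SP, backup."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "reference"          # Service Pack baseline, the trusted comparison point
    if "\\$hf_mig$\\" in p:
        return "hotfix"             # copy staged by a hotfix; may legitimately be newer
    if "\\$ntservicepackuninstall$\\" in p:
        return "pre_sp"             # pre-SP3 file, legitimately different
    if "\\erdnt\\" in p or "\\dllcache\\" in p:
        return "backup"             # ERUNT / WFP cache copies
    if "\\system32\\" in p:
        return "live"               # the copy Windows actually loads
    return "other"


def parse_md5_blocks(text):
    """Return {FILE: {role: [(md5, path), ...]}} from OTL '< MD5 for: >' output."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            current = m.group(1).upper()
            blocks[current] = defaultdict(list)
            continue
        if current is None:
            continue
        e = ENTRY_RE.search(line)   # .cab lines carry no MD5 and are skipped
        if e:
            blocks[current][classify_path(e.group(2))].append((e.group(1).upper(), e.group(2)))
    return blocks


def verdict(entries):
    live = {md5 for md5, _ in entries.get("live", [])}
    ref = {md5 for md5, _ in entries.get("reference", [])}
    hotfix = {md5 for md5, _ in entries.get("hotfix", [])}
    if not live:
        return "no live copy"
    if not ref:
        return "no reference copy"
    if live <= ref:
        return "ok"
    if live <= (ref | hotfix):
        return "ok (matches hotfix copy)"
    return "MISMATCH"               # live file matches no known-good copy: investigate


def check_otl_md5(text):
    return {name: verdict(entries) for name, entries in parse_md5_blocks(text).items()}


if __name__ == "__main__":
    for name, v in check_otl_md5(SAMPLE_OTL).items():
        print(f"{name:14} {v}")
```

MD5 is fine for this job because the question is "does the live file equal a copy Windows itself put on disk", not resistance to a chosen collision; a MISMATCH verdict is a reason to pull the file for a second opinion, not proof of infection on its own.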
Re: Slow Computer

Post by Superdave on Mon Jun 04, 2012 7:30 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*****************************************************************
What browser are you using? Does it do this with another browser?

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************************
Please download [You must be registered and logged in to see this link.] to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.


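An added note on what to look for in the MiniToolBox output Dave asked for (my own example code, not Farbar's tool and not from either post). The stock XP hosts file holds only "127.0.0.1 localhost", so any other entry deserves a look, and an entry that blocks or redirects Windows Update or security-vendor domains is a classic hijack sign; likewise an IE proxy that points at a local port or an unknown server will make pages "not available" exactly as described. CLEAN_REPORT is the clean output posted in this thread; HIJACKED_REPORT, the wording of the positive proxy case ("Proxy is enabled.", "ProxyServer:") and the two hosts entries in it are constructed for this example and are not real tool output. WATCH_DOMAINS is an illustrative list, not a complete one.

```python
import re

# MiniToolBox section headers look like "========== Hosts content: ==========".
SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+$")

# Clean output, as posted in this thread.
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
"""

# Constructed sample: the positive-case proxy wording is assumed, and the two
# non-localhost hosts entries are invented to show what a hijack leaves behind.
HIJACKED_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: 127.0.0.1:8118

========================= Hosts content: =================================

127.0.0.1 localhost
# the two entries below are invented for this example
127.0.0.1 update.microsoft.com
203.0.113.10 www.google.com
"""

# Domains a home PC should never have pinned in its hosts file: blocking or
# redirecting them keeps the machine away from updates and AV vendors.
WATCH_DOMAINS = ("microsoft.com", "windowsupdate.com", "symantec.com",
                 "lavasoft.com", "malwarebytes.org", "avast.com", "google.com")


def split_sections(report):
    """Return {section name: [non-empty lines]} for a MiniToolBox report."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def audit_hosts(lines):
    """Flag every hosts entry beyond the stock localhost line."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            n = name.lower()
            if n in ("localhost", "localhost.localdomain") and ip in ("127.0.0.1", "::1"):
                continue                              # the stock entry
            watched = any(n == d or n.endswith("." + d) for d in WATCH_DOMAINS)
            # loopback / 0.0.0.0 means the name resolves to nowhere (blocked);
            # anything else sends the name to a host the user did not choose.
            kind = "blocked" if ip.startswith("127.") or ip == "0.0.0.0" else "redirected"
            findings.append(("HIGH" if watched else "review", kind, name, ip))
    return findings


def audit_proxy(lines):
    """Return the proxy server if the section says a proxy is enabled, else None."""
    text = " ".join(lines)
    if "Proxy is enabled" not in text:                # "Proxy is not enabled." does not match
        return None
    m = re.search(r"ProxyServer:\s*(\S+)", text)
    return m.group(1) if m else "enabled (server not shown)"


def audit_report(report):
    s = split_sections(report)
    return {"hosts": audit_hosts(s.get("Hosts content", [])),
            "proxy": audit_proxy(s.get("IE Proxy Settings", []))}


if __name__ == "__main__":
    for label, rep in (("clean", CLEAN_REPORT), ("hijacked", HIJACKED_REPORT)):
        print(label, audit_report(rep))
```

Running it on the clean report returns no hosts findings and no proxy, which is what the log posted later in this thread shows; the constructed report flags both invented entries as HIGH and reports the local proxy port.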
Re: Slow Computer

Post by redarrow62 on Thu Jun 07, 2012 1:41 am

Hi Dave,

My wife uses IE 8 and Google Chrome. I believe my daughter loaded Firefox also.
Here is checkup.txt:
Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Ad-Aware Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 29
Java version out of date!
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

Here is result.txt:
MiniToolBox by Farbar Version: 04-06-2012
Ran by Kathy (administrator) on 06-06-2012 at 20:40:19
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (06/04/2012 05:39:02 AM) (Source: ESENT) (User: )
Description: Catalog Database (1424) Database recovery/restore failed with unexpected error -1216.

Error: (06/04/2012 05:39:02 AM) (Source: ESENT) (User: )
Description: Catalog Database (1424) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a consistent state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, please contact PSS for further instructions regarding the steps required in order to allow recovery to proceed without this database.

Error: (06/04/2012 05:38:52 AM) (Source: ESENT) (User: )
Description: Catalog Database (1424) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb is partially attached. Attachment stage: 1. Error: -1032.

Error: (06/04/2012 05:38:52 AM) (Source: ESENT) (User: )
Description: Catalog Database (1424) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Error: (06/04/2012 05:38:52 AM) (Source: ESENT) (User: )
Description: svchost (1424) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/04/2012 05:38:40 AM) (Source: ESENT) (User: )
Description: svchost (1424) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/02/2012 00:24:54 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (05/27/2012 11:42:38 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 19.0.1084.52, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/25/2012 09:57:16 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (05/24/2012 00:16:51 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (06/06/2012 08:06:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/06/2012 08:06:43 PM) (Source: Service Control Manager) (User: )
Description: The dldtCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (06/06/2012 08:06:43 PM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.

Error: (06/06/2012 08:06:43 PM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (06/05/2012 06:06:29 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/05/2012 06:06:12 AM) (Source: Service Control Manager) (User: )
Description: The dldtCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (06/05/2012 06:06:12 AM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.

Error: (06/05/2012 06:06:12 AM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (06/04/2012 08:51:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/04/2012 08:50:51 PM) (Source: Service Control Manager) (User: )
Description: The dldtCATSCustConnectService service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 3006.42 MB
Available physical RAM: 2398.62 MB
Total Pagefile: 5853.14 MB
Available Pagefile: 5390.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.62 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.78 GB) (Free:119.65 GB) NTFS

========================= Users: ========================================

User accounts for \\KATHY-1

Administrator Guest HelpAssistant
Kathy SUPPORT_388945a0


**** End of log ****

redarrow62
Intermediate

Posts : 51
Joined : 2010-10-26
Gender : Male
OS : Vista,XP
Points : 22965
# Likes : 0

Re: Slow Computer

Post by Superdave on Thu Jun 07, 2012 10:23 pm

Looking over your log, it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]
7) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

************************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************************
Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
*****************************************************
Let's run a few more scans to see what turns up.

Please download [You must be registered and logged in to see this link.] ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



On completion of the scan click save log, save it to your desktop and post in your next reply.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83171
# Likes : 0

Re: Slow Computer

Post by redarrow62 on Thu Jun 07, 2012 10:36 pm

I have Ad-Aware+Antivirus on this machine. Should I get rid of it? (Free version)


Re: Slow Computer

Post by redarrow62 on Fri Jun 08, 2012 11:42 am

Un-installed Ad-Aware
Installed AVG and Java, JQS
Adobe download keeps timing out.

Here is aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-08 06:20:19
-----------------------------
06:20:19.484 OS Version: Windows 5.1.2600 Service Pack 3
06:20:19.484 Number of processors: 2 586 0x6B01
06:20:19.484 ComputerName: KATHY-1 UserName: Kathy
06:20:20.546 Initialize success
06:20:33.171 AVAST engine defs: 12060701
06:20:39.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
06:20:39.437 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
06:20:39.468 Disk 0 MBR read successfully
06:20:39.468 Disk 0 MBR scan
06:20:39.515 Disk 0 Windows XP default MBR code
06:20:39.515 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
06:20:39.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238369 MB offset 98304
06:20:39.531 Disk 0 scanning sectors +488278016
06:20:39.625 Disk 0 scanning C:\WINDOWS\system32\drivers
06:20:57.640 Service scanning
06:21:41.640 Modules scanning
06:21:47.625 Disk 0 trace - called modules:
06:21:47.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
06:21:47.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad32ab8]
06:21:47.671 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000069[0x8adbbf18]
06:21:47.671 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ad63940]
06:21:50.375 AVAST engine scan C:\WINDOWS
06:22:17.703 AVAST engine scan C:\WINDOWS\system32
06:25:33.093 AVAST engine scan C:\WINDOWS\system32\drivers
06:25:53.578 AVAST engine scan C:\Documents and Settings\Kathy
06:40:19.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kathy\Desktop\MBR.dat"
06:40:19.156 The log file has been saved successfully to "C:\Documents and Settings\Kathy\Desktop\aswMBR.txt"




Re: Slow Computer

Post by Superdave on Fri Jun 08, 2012 7:23 pm

Download Combofix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial on how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: Slow Computer

Post by redarrow62 on Fri Jun 08, 2012 11:23 pm

Dave,

From Combo-fix:

ComboFix 12-06-08.02 - Kathy 06/08/2012 18:10:28.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2483 [GMT -5:00]
Running from: c:\rick-temp\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kathy\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\SET175.tmp
c:\windows\system32\SET181.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 11:21 . 2012-06-08 11:21 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Sun
2012-06-08 01:58 . 2012-06-08 01:58 -------- d-----w- c:\program files\Common Files\Java
2012-06-08 01:54 . 2012-06-08 01:54 -------- d-----w- c:\program files\Oracle
2012-06-08 01:53 . 2012-06-08 01:53 -------- d-----w- c:\documents and settings\Kathy\Application Data\Oracle
2012-06-08 01:53 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-08 01:46 . 2012-06-08 01:46 -------- d-----w- c:\documents and settings\Kathy\Application Data\AVG2012
2012-06-08 01:44 . 2012-06-08 01:44 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\AVG Secure Search
2012-06-08 01:44 . 2012-06-08 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-06-08 01:44 . 2012-06-08 01:44 -------- d-----w- c:\documents and settings\Kathy\Application Data\AVG Secure Search
2012-06-08 01:44 . 2012-06-08 01:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-08 01:44 . 2012-06-08 01:44 -------- d-----w- c:\program files\AVG Secure Search
2012-06-08 01:43 . 2012-06-08 01:43 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-06-08 01:41 . 2012-06-08 11:18 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-08 01:41 . 2012-06-08 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-06-08 01:41 . 2012-06-08 01:41 -------- d-----w- C:\$AVG
2012-06-08 01:41 . 2012-06-08 01:41 -------- d-----w- c:\program files\AVG
2012-06-08 01:39 . 2012-06-08 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-06-08 01:30 . 2012-06-08 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-05-30 00:09 . 2012-05-30 00:09 -------- d-----w- C:\REG-Cure
2012-05-26 14:12 . 2012-05-26 14:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-05-26 13:48 . 2012-05-26 13:49 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\adaware
2012-05-26 13:48 . 2012-06-08 01:30 -------- d-----w- c:\program files\Ad-Aware Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 15:06 . 2012-03-30 11:04 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:06 . 2011-05-16 21:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:06 . 2012-05-05 15:06 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 23:47 . 2010-10-28 00:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 20:56 . 2010-10-26 02:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 10:17 . 2012-03-19 10:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-08 01:44 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-06-08 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2008-06-24 98304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-05 8466432]
"nwiz"="nwiz.exe" [2007-09-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-08 1116544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 3:01 AM 367456]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [6/7/2012 8:44 PM 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [8/19/2009 5:08 PM 99568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 6:04 AM 257696]
S3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\drivers\ZD1211BU.sys [6/23/2008 10:12 PM 402432]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:06]
.
2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1220945662-682003330-1004Core.job
- c:\documents and settings\Kathy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-28 23:18]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1220945662-682003330-1004UA.job
- c:\documents and settings\Kathy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-28 23:18]
.
2012-06-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-11-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - [You must be registered and logged in to see this link.]
DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-06-08 18:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-08 18:19:35
ComboFix-quarantined-files.txt 2012-06-08 23:19
ComboFix2.txt 2010-10-31 23:20
.
Pre-Run: 132,072,804,352 bytes free
Post-Run: 143,293,931,520 bytes free
.
- - End Of File - - B4AB9DC922CBE32E605CC89006C05F4F

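Two things in the logs posted so far line up and are worth checking mechanically before more scanners are run. In the ComboFix service list, S0 Lbd and S1 SBRE are printed with `[?]`, which is ComboFix's way of saying it could not find a file at the registered ImagePath, and the OTL "Event log errors" section in the first post shows the Service Control Manager failing to load the boot-start driver Lbd on every boot. Both entries show up after Ad-Aware was uninstalled, so they are most likely orphaned service registrations left behind by that uninstall (an inference from the logs, not something either poster states). The Python below is an added example for this thread, not code from either poster, from OTL or from ComboFix: it parses the ComboFix `R*`/`S*` service lines and the OTL event-log text and reports stopped services whose image is missing, cross-referenced against the SCM boot failures. The sample input is copied from the logs above; the line-format rules are assumptions about how ComboFix and OTL print these sections.

```python
"""Triage of ComboFix service entries against SCM boot errors from an OTL log.

Added example for this thread (not OTL, ComboFix or either poster's code).
The service-line and event-text formats handled here are assumptions drawn
from the logs posted above; SAMPLE_SERVICES and SAMPLE_EVENTS are copied
from those logs.
"""
import re
from dataclasses import dataclass

# ComboFix prefixes each service with R (running) / S (stopped) and the start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# "<path> [m/d/yyyy h:mm AM size]" is what ComboFix prints when the file was found.
STAMP_RE = re.compile(r"^(?P<path>.*) \[(?P<stamp>[^\]]*)\]$")

# Lines copied from the ComboFix log in this thread.
SAMPLE_SERVICES = r"""
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
"""

# Lines copied from the OTL "System errors" section in the first post.
SAMPLE_EVENTS = """
Error: (06/06/2012 08:06:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/06/2012 08:06:43 PM) (Source: Service Control Manager) (User: )
Description: The dldtCATSCustConnectService service failed to start due to the following error:
%%1053
"""


@dataclass
class Service:
    name: str
    running: bool
    start: str
    image: str
    missing: bool  # ComboFix printed "[?]": the literal ImagePath did not resolve to a file


def parse_service_line(line):
    """Parse one ComboFix service line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    if missing:
        # Form is "<registered path> --> <resolved path> [?]"; keep the resolved one.
        path = rest[: -len("[?]")].strip()
        if " --> " in path:
            path = path.split(" --> ", 1)[1]
    else:
        sm = STAMP_RE.match(rest)
        path = sm.group("path") if sm else rest
    path = path.strip()
    if path.startswith("\\??\\"):  # drop the NT object-manager prefix
        path = path[4:]
    return Service(
        name=m.group("name"),
        running=m.group("state") == "R",
        start=START_TYPES.get(m.group("start"), m.group("start")),
        image=path,
        missing=missing,
    )


def orphaned_services(log_text):
    """Stopped services whose image ComboFix could not find.

    A running service cannot have a missing image: ComboFix also prints [?]
    when the literal ImagePath carries arguments (R2 dldt_device above has
    "-service" appended), so running entries are excluded to avoid that
    false positive.
    """
    services = filter(None, (parse_service_line(l) for l in log_text.splitlines()))
    return [s for s in services if s.missing and not s.running]


def failed_boot_drivers(event_text):
    """Driver names listed under SCM 'driver(s) failed to load' events."""
    names = set()
    collecting = False
    for line in event_text.splitlines():
        if "failed to load:" in line:
            collecting = True
            continue
        if collecting:
            if not line.strip():
                collecting = False
            else:
                names.add(line.strip())
    return names


def correlate(log_text, event_text):
    """Orphaned services that the SCM also reports as failing at boot, sorted by name."""
    orphans = {s.name for s in orphaned_services(log_text)}
    return sorted(orphans & failed_boot_drivers(event_text))


def report(log_text, event_text):
    lines = [f"{s.name}: {s.start}-start, image missing: {s.image}"
             for s in orphaned_services(log_text)]
    lines += [f"{name}: also logged by SCM as failing to load at boot"
              for name in correlate(log_text, event_text)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SERVICES, SAMPLE_EVENTS))
```

On the sample it reports Lbd and SBRE as stopped services with a missing image and Lbd as the one the SCM is also complaining about. The running-service filter matters: the R2 dldt_device line is marked `[?]` only because its ImagePath carries a `-service` argument, and the Dell printer software behind it is clearly alive elsewhere in the log. Whether orphaned entries like these get deleted is the helper's call, in keeping with the "do not take action until I have reviewed the log" rule earlier in the thread; the script only narrows down what to look at.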

Re: Slow Computer

Post by Superdave on Sat Jun 09, 2012 1:10 am

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
RegCure
There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: [You must be registered and logged in to see this link.]
*******************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Re: Slow Computer

Post by redarrow62 on Sat Jun 09, 2012 3:52 am

Removed Reg Cure

SysProtLog:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B5E9F000
Module End: B5EB7000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA65E000
Module End: BA660000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: BA5AE000
Module End: BA5B0000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\Kathy\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: B5224000
Module End: B522C000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwNotifyChangeKey
Address: B565A004
Driver Base: B5659000
Driver End: B565C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwNotifyChangeMultipleKeys
Address: B565A0D4
Driver Base: B5659000
Driver End: B565C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwOpenProcess
Address: B5659D76
Driver Base: B5659000
Driver End: B565C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwTerminateProcess
Address: B5659E1E
Driver Base: B5659000
Driver End: B565C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwTerminateThread
Address: B5659EBA
Driver Base: B5659000
Driver End: B565C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwWriteVirtualMemory
Address: B5659F56
Driver Base: B5659000
Driver End: B565C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KATHY-1:1956
Remote Address: A23-1-55-117.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1829
Remote Address: A23-66-230-147.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\AVG Secure Search\vprot.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1828
Remote Address: A23-1-55-117.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\AVG Secure Search\vprot.exe
State: CLOSE_WAIT

Local Address: KATHY-1:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:2248
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:2247
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:2246
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:2245
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
State: LISTENING

Local Address: KATHY-1:1033
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: KATHY-1:10088
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\dldtcoms.exe
State: LISTENING

Local Address: KATHY-1:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KATHY-1:1088
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Dell V305\dldtmon.exe
State: LISTENING

Local Address: KATHY-1:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KATHY-1:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KATHY-1:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KATHY-1:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KATHY-1:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:1064
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:39043
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\dldtcoms.exe
State: NA

Local Address: KATHY-1:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KATHY-1:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KATHY-1:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied


redarrow62
Intermediate

Posts: 51
Joined: 2010-10-26
Gender: Male
OS: Vista, XP
Points: 22965
Likes: 0


Re: Slow Computer

Post by redarrow62 on Sat Jun 09, 2012 4:12 pm

SysProt re-done fully.
output:
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B5DB3000
Module End: B5DCB000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA65C000
Module End: BA65E000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwNotifyChangeKey
Address: B568A004
Driver Base: B5689000
Driver End: B568C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwNotifyChangeMultipleKeys
Address: B568A0D4
Driver Base: B5689000
Driver End: B568C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwOpenProcess
Address: B5689D76
Driver Base: B5689000
Driver End: B568C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwTerminateProcess
Address: B5689E1E
Driver Base: B5689000
Driver End: B568C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwTerminateThread
Address: B5689EBA
Driver Base: B5689000
Driver End: B568C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwWriteVirtualMemory
Address: B5689F56
Driver Base: B5689000
Driver End: B568C000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KATHY-1:1099
Remote Address: 50.57.204.250:HTTP
Type: TCP
Process: C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
State: CLOSE_WAIT

Local Address: KATHY-1:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:1131
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:1130
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:1129
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:10088
Remote Address: LOCALHOST:1128
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KATHY-1:8005
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: KATHY-1:5226
Remote Address: LOCALHOST:KPOP
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: ESTABLISHED

Local Address: KATHY-1:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
State: LISTENING

Local Address: KATHY-1:1116
Remote Address: LOCALHOST:5225
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1114
Remote Address: LOCALHOST:5225
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1113
Remote Address: LOCALHOST:5225
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: CLOSE_WAIT

Local Address: KATHY-1:KPOP
Remote Address: LOCALHOST:5226
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
State: ESTABLISHED

Local Address: KATHY-1:1108
Remote Address: LOCALHOST:5225
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1107
Remote Address: LOCALHOST:5225
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1106
Remote Address: LOCALHOST:5225
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: CLOSE_WAIT

Local Address: KATHY-1:1033
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: KATHY-1:10088
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\dldtcoms.exe
State: LISTENING

Local Address: KATHY-1:8008
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: KATHY-1:5226
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: KATHY-1:5225
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: KATHY-1:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KATHY-1:1097
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Dell V305\dldtmon.exe
State: LISTENING

Local Address: KATHY-1:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KATHY-1:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KATHY-1:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KATHY-1:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KATHY-1:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:1122
Remote Address: NA
Type: UDP
Process: C:\Program Files\AVG\AVG2012\avgtray.exe
State: NA

Local Address: KATHY-1:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KATHY-1:39043
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\dldtcoms.exe
State: NA

Local Address: KATHY-1:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KATHY-1:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KATHY-1:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied



Re: Slow Computer

Post by Superdave on Sat Jun 09, 2012 6:24 pm

Very good. Please tell me how your computer is working now.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double-click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain

Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83171
Likes: 0


Re: Slow Computer

Post by redarrow62 on Sun Jun 10, 2012 1:32 pm

Will let you know how it turns out.


Re: Slow Computer

Post by redarrow62 on Mon Jun 11, 2012 12:13 am

Ran for over an hour. Did not give option to export log. Found 0 threats.


Re: Slow Computer

Post by Superdave on Mon Jun 11, 2012 1:31 am

That's good. If there are no other issues, we can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.
************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember, only install ONE firewall.

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options, if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

