Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

slow computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

slow computer

Unread postby lverna » December 5th, 2009, 7:05 pm

my mother-in-law sent me a virus through email. it filled HD - i deleted the emails but my computer is a little slower now. suggestions?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:55 PM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\Imgtask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Snapfish PictureMover\PictureMover.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 9377 bytes
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm
Advertisement
Register to Remove

Re: slow computer

Unread postby MWR 3 day Mod » December 9th, 2009, 11:47 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: slow computer

Unread postby hottroc » December 13th, 2009, 3:06 pm

-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: slow computer

Unread postby hottroc » December 14th, 2009, 7:11 pm

Hi, sorry for the delay.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Also can you please advise if you have intentionally installed the Ask Toolbar? Fine if you have, just that sometimes it installs itself surrepticiously.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: slow computer

Unread postby lverna » December 14th, 2009, 10:22 pm

OTL logfile created on: 12/14/2009 6:57:34 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = F:\downloads f drive
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.02% Memory free
3.72 Gb Paging File | 2.80 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 1.99 Gb Free Space | 5.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 232.88 Gb Total Space | 200.97 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC01
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\downloads f drive\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\WINDOWS\Imgtask.exe ()
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - F:\downloads f drive\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Paltalk Messenger\ctrlkey.dll ()
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Droppix Service) -- C:\Program Files\Common Files\Droppix\DxService.exe (Droppix)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\system32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\S-1-5-21-299502267-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\S-1-5-21-299502267-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2009/11/27 12:05:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/27 12:10:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 12:15:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/27 12:10:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/10/16 21:01:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2009/11/27 12:05:23 | 00,000,000 | ---D | M]

[2009/09/05 10:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/18 15:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/07/18 15:35:50 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/13 22:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\765qpy9l.default\extensions
[2009/12/13 22:55:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 19:01:37 | 00,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/10/19 18:59:44 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/12 21:42:11 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/12 10:27:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/12/12 10:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene
[2009/12/12 10:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2009/11/27 14:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/27 14:29:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/27 14:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/27 14:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/27 12:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2009/11/27 12:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/11/27 12:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/11/27 12:03:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2008/11/20 18:20:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/20 18:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/22 06:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/14 18:12:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2025429265-725345543-1003UA.job
[2009/12/14 13:12:01 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2025429265-725345543-1003Core.job
[2009/12/14 10:21:52 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/14 10:18:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/14 10:18:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/14 10:18:16 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/14 10:18:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 23:22:44 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/13 23:22:43 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/12 10:27:05 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
[2009/12/12 09:33:16 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/12/10 10:06:00 | 00,461,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 10:06:00 | 00,078,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 10:05:57 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 22:36:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 21:33:12 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/09 20:02:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/07 20:36:00 | 00,000,288 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2009/12/06 20:52:49 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003 (2).lnk
[2009/12/06 17:27:10 | 00,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2009/12/05 18:02:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/12/05 11:03:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/11/29 09:23:11 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/11/28 08:24:11 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/28 08:24:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/27 12:58:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_sbl.sig
[2009/11/27 12:20:40 | 00,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/27 12:10:21 | 00,000,025 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\bdfvconp.ini
[2009/11/27 12:10:09 | 00,000,376 | ---- | M] () -- C:\Documents and Settings\Owner\Application Dataprivacy.xml
[2009/11/27 12:06:19 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2009/11/27 11:51:47 | 00,337,224 | ---- | M] () -- C:\BdUninstallTool2009.11.27-11.49.03.reg
[2009/11/27 11:49:20 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/11/24 23:05:48 | 02,113,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/24 22:40:20 | 00,000,534 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/11/23 22:45:01 | 00,000,825 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/11/21 10:51:42 | 01,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 10:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/16 19:12:32 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/11/16 08:45:46 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dr blaylock.doc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 10:27:05 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
[2009/12/09 21:33:12 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/12/09 21:33:12 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/05 18:02:53 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/29 09:23:11 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/11/28 08:24:11 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/28 08:24:11 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/27 12:58:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_sbl.sig
[2009/11/27 12:20:40 | 00,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/27 12:10:21 | 00,000,025 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\bdfvconp.ini
[2009/11/27 12:10:09 | 00,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Dataprivacy.xml
[2009/11/27 12:06:19 | 00,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2009/11/27 11:49:03 | 00,337,224 | ---- | C] () -- C:\BdUninstallTool2009.11.27-11.49.03.reg
[2009/11/24 23:02:35 | 00,002,495 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003 (2).lnk
[2009/11/24 22:40:20 | 00,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/11/16 08:45:45 | 00,124,416 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dr blaylock.doc
[2009/10/28 11:31:35 | 00,002,587 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/09/20 07:21:31 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/09 09:30:46 | 00,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/03/04 21:47:59 | 00,000,087 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2009/01/15 12:45:34 | 00,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/12/05 21:59:47 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/08/28 19:58:04 | 00,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/01 16:24:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/07/01 16:23:19 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/07/01 16:21:42 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/30 19:03:46 | 00,000,776 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2008/06/24 12:37:01 | 00,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/21 18:18:58 | 00,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2008/06/19 07:44:21 | 00,000,609 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/06/09 21:16:49 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/17 12:32:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/14 00:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/15 12:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >



OTL Extras logfile created on: 12/14/2009 6:57:34 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = F:\downloads f drive
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.02% Memory free
3.72 Gb Paging File | 2.80 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 1.99 Gb Free Space | 5.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 232.88 Gb Total Space | 200.97 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC01
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Rc-MP3] -- C:\WINDOWS\system32\cmd.exe /e:2048 /k c:\progra~1\Rc-MP3\Rc-MP3.bat encod "%1" direnc (Microsoft Corporation)
Directory [Rc-MP3_2] -- C:\WINDOWS\system32\cmd.exe /e:2048 /k c:\progra~1\Rc-MP3\Rc-MP3.bat encod "%1" dirdelenc (Microsoft Corporation)
Directory [Rc-MP3_3] -- C:\WINDOWS\system32\cmd.exe /e:2048 /c c:\progra~1\Rc-MP3\settings.bat d "%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\SMART Technologies\SMART Board Drivers\UCService.exe" = F:\SMART Technologies\SMART Board Drivers\UCService.exe:*:Enabled:SMART SNMPAgent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05E7B5BE-6E53-EBE9-E51F-B0513239B093}" = Catalyst Control Center Graphics Previews Common
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAC0AF2-8F53-4B3C-A050-AEDC827EA1CC}" = SMART Product Update
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{136CFE1A-8B61-36A5-1071-FD4C6DCE6820}" = ccc-utility
"{16A7373C-4B50-7314-61DD-331A4AECD571}" = CCC Help English
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1ADABB42-F098-0778-BC92-D66B3C5ED538}" = Catalyst Control Center Graphics Full Existing
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3392F26F-0D1D-451F-8527-4820D1960235}" = Sony DVD Architect Studio 4.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{43BF39DA-7C73-C00F-D5AF-775D1EC73EF3}" = Skins
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4DBCFDD9-2C48-7DD4-4FBE-082E457943B5}" = ccc-core-preinstall
"{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
"{5534D076-81B6-209F-119B-1A792D380C21}" = Catalyst Control Center Graphics Full New
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5C86E6C3-BDEC-EA73-984A-DB5A30724EF9}" = Catalyst Control Center Core Implementation
"{5C98A4FE-1F42-4F02-B738-F32886AE5467}" = Notebook Software
"{64BFAD18-CE72-152A-AA9A-8C2AC170DC9E}" = Catalyst Control Center Graphics Light
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{969B3B70-8765-11D5-9809-0050BACBF861}" = MP3PowerEncoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF138729-87C7-4da4-8414-2E3B70C74D87}" = Snapfish PictureMover
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{B8E8C8EC-5C22-4B02-9C02-D851262F574C}" = Sony Vegas Movie Studio Platinum 8.0
"{B9CCF960-132F-453A-8FE7-CDDB42AEEEBF}" = BwgBurn Version 0.7.3
"{BA20221E-4D27-8DFA-14C2-D673CEB1C888}" = ccc-core-static
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"ATWPS" = JumpStart Around the World - Preschool
"Canon CanoScan 4400F User Registration" = Canon CanoScan 4400F User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DraftDominator_is1" = DraftDominator Version 10.0f Full
"Droppix Label Maker_is1" = Droppix Label Maker 2.9.1
"HijackThis" = HijackThis 2.0.2
"Hot Wheels 2 - Get'n Dirty" = Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY(TM)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"KG_2.4b" = JumpStart Kindergarten v2.4b
"LineupDominator_is1" = LineupDominator Version 5.0b Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MFL Import_is1" = MFL Import Version 1.0e
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NewBlue VideoFX MSP" = NewBlue VideoFX MSP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = PaltalkScene
"Rc-MP3" = RightClick-MP3 (Remove Only)
"RealPlayer 12.0" = RealPlayer
"Rescue Heroes Meteor Madness" = Rescue Heroes Meteor Madness
"Soft-Central SC-DiskInfo" = Soft-Central SC-DiskInfo
"Software Informer_is1" = Software Informer 1.0 BETA
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2009 12:04:32 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1327.
Invalid Drive: D:\

Error - 12/13/2009 12:04:32 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB976882): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 12/13/2009 11:26:54 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1327.
Invalid Drive: D:\

Error - 12/13/2009 11:26:54 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 12/13/2009 11:27:28 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1327.
Invalid Drive: D:\

Error - 12/13/2009 11:27:28 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB976882): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 12/14/2009 12:25:08 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1327.
Invalid Drive: D:\

Error - 12/14/2009 12:25:08 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 12/14/2009 12:25:14 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1327.
Invalid Drive: D:\

Error - 12/14/2009 12:25:14 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB976882): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 12/12/2009 12:02:40 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB976882).

Error - 12/12/2009 10:32:46 PM | Computer Name = PC01 | Source = PlugPlayManager | ID = 12
Description = The device 'HP DeskJet 694C' (LPTENUM\HEWLETT-PACKARDDESKJET_690C\5&1a9b1a19&0&LPT1.4)
disappeared from the system without first being prepared for removal.

Error - 12/12/2009 10:43:50 PM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 3 (SP3).

Error - 12/12/2009 10:45:33 PM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB976882).

Error - 12/13/2009 12:04:23 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 3 (SP3).

Error - 12/13/2009 12:04:32 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB976882).

Error - 12/13/2009 11:26:59 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 3 (SP3).

Error - 12/13/2009 11:31:42 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB976882).

Error - 12/14/2009 12:25:09 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 3 (SP3).

Error - 12/14/2009 12:25:14 AM | Computer Name = PC01 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB976882).


< End of report >
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow computer

Unread postby Carolyn » December 18th, 2009, 8:52 am

Hello lverna,

My name is Carolyn and I'll be glad to help you with your computer problems.


Your computer's system drive is dangerously low on disk space:
Drive C: | 38.28 Gb Total Space | 1.99 Gb Free Space | 5.19% Space Free


The partition with the system needs at least 15% Free Space, or it will bog down and run very slowly.

Go to Start, My Computer
Right-click on the hard-drive letter for the system, (usually C: )
Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
If it asks whether to apply to all files and folders, answer Yes.
You may have to wait while it resets the file attributes.
----------------------------------------------------------
Reboot the machine.
----------------------------------------------------------
Download and Install CCleaner

* Download CCleaner from here
* Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
* Click OK
* Click Next
* Click I agree
* Click Next
* Click Install
* Once the installation has finished, click Finish

-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Uncheck Only delete files in Windows Temp folders older than 48 hours.
* Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
* Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

-----------------------------------------------------------
Reset Options in CCleaner for Regular Use.
Open CCleaner if it's not already running.

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History". In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Check Only delete files in Windows Temp folders older than 48 hours.
* Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run Ccleaner when computer starts.

-----------------------------------------------------------

Please Update and Scan with Malwarebytes' Anti-Malware
  1. Launch Malwarebytes' Anti-Malware then select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  2. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  3. Leave the default options as it is and click on Start Scan.
  4. When done, you will be prompted. Click OK, then click on Show Results.
  5. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  6. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

-----------------------------------------------------------

Please post the following in your next reply:
  • The Malwarebytes' log
  • A fresh OTL log
  • A description of how your computer is behaving now
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: slow computer

Unread postby lverna » December 19th, 2009, 10:33 pm

things seem a little faster...i noticed i have more disk space. computer is booting up faster.

using scdisk info I noticed my quarantine in bitdefender had 3 gigs in it.

Malwarebytes' Anti-Malware 1.42
Database version: 3393
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2009 5:47:17 PM
mbam-log-2009-12-19 (17-47-17).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 208365
Time elapsed: 3 hour(s), 1 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.




OTL logfile created on: 12/19/2009 9:29:12 PM - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = F:\downloads f drive
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 5.08 Gb Free Space | 13.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 201.00 Gb Free Space | 86.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC01
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\downloads f drive\OTL(3).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\WINDOWS\Imgtask.exe ()
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - F:\downloads f drive\OTL(3).exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Droppix Service) -- C:\Program Files\Common Files\Droppix\DxService.exe (Droppix)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\system32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\S-1-5-21-299502267-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\S-1-5-21-299502267-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2009/11/27 12:05:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 18:57:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 18:57:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/27 12:10:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/10/16 21:01:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2009/11/27 12:05:23 | 00,000,000 | ---D | M]

[2009/09/05 10:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/18 15:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/07/18 15:35:50 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/18 21:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\765qpy9l.default\extensions
[2009/12/18 21:25:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 19:01:37 | 00,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/10/19 18:59:44 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/19 20:52:37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/12/19 11:18:46 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/12 21:42:11 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/12 10:27:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/12/12 10:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene
[2009/12/12 10:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2009/11/27 14:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/27 14:29:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/27 14:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/27 14:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/27 12:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2009/11/27 12:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/11/27 12:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/11/27 12:03:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2008/11/20 18:20:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/20 18:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/22 06:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/19 21:12:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2025429265-725345543-1003UA.job
[2009/12/19 20:53:34 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/12/19 20:53:12 | 00,000,376 | ---- | M] () -- C:\Documents and Settings\Owner\Application Dataprivacy.xml
[2009/12/19 20:52:33 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/19 20:52:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/19 20:52:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/19 20:51:10 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/19 20:51:09 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/19 18:25:16 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/19 13:12:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2025429265-725345543-1003Core.job
[2009/12/19 11:18:47 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/18 10:12:32 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/12/18 09:16:37 | 00,000,850 | ---- | M] () -- C:\Documents and Settings\Owner\Application DataProductTweaks.xml
[2009/12/18 09:15:39 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/16 20:02:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/15 10:25:53 | 00,105,736 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
[2009/12/15 10:25:49 | 00,152,456 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2009/12/15 08:55:29 | 00,000,385 | ---- | M] () -- C:\Documents and Settings\Owner\Application Datauser_gensett.xml
[2009/12/14 20:36:00 | 00,000,288 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2009/12/12 10:27:05 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
[2009/12/10 10:06:00 | 00,461,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 10:06:00 | 00,078,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 10:05:57 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 21:33:12 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/06 20:52:49 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003 (2).lnk
[2009/12/06 17:27:10 | 00,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2009/12/05 18:02:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/12/05 11:03:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 09:23:11 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/11/28 08:24:11 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/28 08:24:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/27 12:58:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_sbl.sig
[2009/11/27 12:20:40 | 00,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/27 12:10:21 | 00,000,025 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\bdfvconp.ini
[2009/11/27 12:06:19 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2009/11/27 11:51:47 | 00,337,224 | ---- | M] () -- C:\BdUninstallTool2009.11.27-11.49.03.reg
[2009/11/27 11:49:20 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/11/24 23:05:48 | 02,113,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/24 22:40:20 | 00,000,534 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/11/23 22:45:01 | 00,000,825 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/11/21 10:51:42 | 01,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 10:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/19 11:18:47 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/18 09:16:37 | 00,000,850 | ---- | C] () -- C:\Documents and Settings\Owner\Application DataProductTweaks.xml
[2009/12/15 08:55:29 | 00,000,385 | ---- | C] () -- C:\Documents and Settings\Owner\Application Datauser_gensett.xml
[2009/12/12 10:27:05 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
[2009/12/09 21:33:12 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/12/09 21:33:12 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/05 18:02:53 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/29 09:23:11 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/11/28 08:24:11 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/28 08:24:11 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/27 12:58:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2009/11/27 12:23:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_sbl.sig
[2009/11/27 12:20:40 | 00,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/27 12:10:21 | 00,000,025 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\bdfvconp.ini
[2009/11/27 12:10:09 | 00,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Dataprivacy.xml
[2009/11/27 12:06:19 | 00,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2009/11/27 11:49:03 | 00,337,224 | ---- | C] () -- C:\BdUninstallTool2009.11.27-11.49.03.reg
[2009/11/24 23:02:35 | 00,002,495 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003 (2).lnk
[2009/11/24 22:40:20 | 00,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/10/28 11:31:35 | 00,002,587 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/09/20 07:21:31 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/09 09:30:46 | 00,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/03/04 21:47:59 | 00,000,087 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2009/01/15 12:45:34 | 00,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/12/05 21:59:47 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/08/28 19:58:04 | 00,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/01 16:24:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/07/01 16:23:19 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/07/01 16:21:42 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/30 19:03:46 | 00,000,776 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2008/06/24 12:37:01 | 00,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/21 18:18:58 | 00,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2008/06/19 07:44:21 | 00,000,609 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/06/09 21:16:49 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/17 12:32:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/14 00:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/15 12:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow computer

Unread postby Carolyn » December 21st, 2009, 12:28 pm

Hello Iverna,

Uninstall Ask Toolbar
I recommend that you uninstall Ask Toolbar due to that companies use of disceptive and otherwise questionable practices.
Please read this article, Current Practices of IAC/Ask Toolbars.
If you decide to uninstall Ask Toolbar, you can do so as follows:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Ask Toolbar, click Remove.

=======================

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: slow computer

Unread postby lverna » December 25th, 2009, 9:53 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, December 25, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 25, 2009 14:05:03
Records in database: 3411098
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
F:\

Scan statistics:
Objects scanned: 99051
Threats found: 1
Infected objects found: 0
Suspicious objects found: 8
Scan duration: 03:31:48


File name / Threat / Threats count
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\uoatrvva.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 8

Selected area has been scanned.
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow computer

Unread postby Carolyn » December 26th, 2009, 6:07 pm

Hello Iverna,

The Kaspersky online scan indicates that there are 8 infected emails in your Thunderbird Inbox. Unfortunately, the scan does not indicate which emails are at issue. I recommend that you delete any unecessary emails from the Inbox, especially those with attachments. After deleting emails, scan again with Kaspersky and repeat the process until the scanner no longer identifies any emails as being infected.

At this point there are no other signs of malware on your computer and I am confident that the slowness is not malware related. You may want to take a look at the tutorial What to do if your Computer is running slowly. If that tutorial does not help you resolve the slowness, then I suggest that you post at one of the general computer troubleshooting forums for continued assistance.

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/

=======================

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

CleanUp! with OTL
  • Double click OTL.exe to launch the program.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTL
  • The tool will delete itself once it finishes, if not delete it by yourself.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Click start-->Run and type cleanmgr into the run box and then click "OK".
    • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
    • When the scan completes, check/uncheck desired boxes.
    • Next, please click the More Options tab at the top.
    • Click the "Clean up..." button under the System Restore section at the bottom.
    • Answer Yes to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
    • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.


  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK


  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: slow computer

Unread postby lverna » December 26th, 2009, 11:31 pm

bitdefender finds these email links. I can't find the attachment with a problem.

this slows my computer by adding about 3-4 gigs of data to my c drive

does the info posted below point to the emails with a problem?

thanks for all the info!! i'll make a donation soon.


Object Path Threat Name Final Status
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\temp\Inbox=>(message 2989) Generic.Peed.Eml.0DE5877A Archive moved to Quarantine
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\temp\Inbox=>(message 2990) Generic.Peed.Eml.BDC7781C Archive moved to Quarantine
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\temp\Sent=>(message 1075) Generic.Peed.Eml.81CB55F8 Archive moved to Quarantine
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow computer

Unread postby Carolyn » December 28th, 2009, 3:47 pm

lverna wrote:bitdefender finds these email links. I can't find the attachment with a problem.

this slows my computer by adding about 3-4 gigs of data to my c drive

does the info posted below point to the emails with a problem?

thanks for all the info!! i'll make a donation soon.


Object Path Threat Name Final Status
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\temp\Inbox=>(message 2989) Generic.Peed.Eml.0DE5877A Archive moved to Quarantine
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\temp\Inbox=>(message 2990) Generic.Peed.Eml.BDC7781C Archive moved to Quarantine
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\temp\Sent=>(message 1075) Generic.Peed.Eml.81CB55F8 Archive moved to Quarantine


Unfortunately, with the limited information available from the Kaspersky scan I have no way of determining if the email messages quarantined by BitDefender are the emails identified by Kaspersky. The few emails should not add 3-4 gigs to your drive. I suggest that you contact BitDefender for further support of that program and/or reinstall the program so that BitDefender uses a drive other than C:

I'm glad I was able to assist you with your computer problems. Happy/Safe surfing. :)
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: slow computer

Unread postby NonSuch » January 3rd, 2010, 2:19 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 61 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware