Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet runs very slowly or stops working when using

Post by sjohn » December 16th, 2009, 9:50 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:46 PM, on 12/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://funschool.kaboose.com/globe-rider/aliens/games/game-alien-abduction.html"
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 2472 bytes



32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bing Maps 3D
Blue Coat® K9 Web Protection 4.0.288
Bonjour
Compatibility Pack for the 2007 Office system
Dell Resource CD
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Java(TM) 6 Update 15
JumpStart Animal Adventures
Malwarebytes' Anti-Malware
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by MWR 3 day Mod » December 22nd, 2009, 3:15 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Internet runs very slowly or stops working when using

Post by Jack&Jill » December 25th, 2009, 12:37 pm

Hello sjohn,

Sorry for the delay.

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Forum Rules and HOW TO GET HELP AT THIS FORUM (YOU MUST READ THIS).
  • It will take some time for me to go through your logs, so please be patient with me.
  • Backing up important data is a good idea as malware removal is a hazardous undertaking. Please do so if you haven't already.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
  • If you have any doubts or problems during the fix, please stop and ask.
  • If you need to be away for a while during the fix, please let me know.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • Do not use or run any tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please download GMER and save it to your desktop. Click here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • In the right panel, you will see several boxes that have been checked (ticked).
    • Uncheck Sections
    • Uncheck IAT/EAT
    • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
    • Uncheck Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any other programs while GMER is running.

Please post back:
1. OTL logs (OTL.txt and Extras.txt)
2. GMER log
3. the details of your problems
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet runs very slowly or stops working when using

Post by sjohn » December 26th, 2009, 3:16 pm

OTL logfile created on: 12/26/2009 12:02:06 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 342.46 Gb Free Space | 75.15% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.91% Space Free | Partition Type: NTFS
Drive E: | 392.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.47 Gb Total Space | 0.39 Gb Free Space | 5.20% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/26 12:09:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2009/12/17 20:01:45 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/17 20:01:26 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/12 18:42:11 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 18:42:11 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/15 13:35:49 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/15 13:35:49 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/15 13:35:45 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/04/10 23:28:15 | 00,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/13 11:08:32 | 00,252,416 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/02/06 17:02:16 | 00,170,496 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/13 16:39:08 | 01,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/01/19 00:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2006/11/02 05:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 12:09:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2009/04/10 23:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/19 16:20:22 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/17 20:01:26 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/15 13:35:45 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/24 18:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/25 08:09:03 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/13 16:39:08 | 01,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/13 02:23:18 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/13 02:23:18 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/11 14:29:20 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/15 13:36:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/15 13:36:25 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/23 05:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/01/13 16:39:06 | 00,072,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/13 13:22:56 | 00,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/21 12:49:47 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 12:49:47 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 12:49:47 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/05 22:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/05 22:59:34 | 00,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:53 | 00,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 00:41:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/04/07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
IE - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\S-1-5-21-2490235737-1587106647-3589786812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/12/25 22:25:11 | 00,000,000 | ---D | M]


O1 HOSTS File: (351981 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12066 more lines...
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; File not found
O7 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/10/18 12:44:22 | 00,036,924 | R--- | M] () - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/10/18 03:33:00 | 00,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c67f890a-ba7c-11dd-8b7f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c67f890a-ba7c-11dd-8b7f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- [2000/10/18 12:44:22 | 00,036,924 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/25 22:25:47 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ArcSoft
[2009/12/25 22:25:46 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ArcSoft
[2009/12/25 22:25:15 | 00,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2009/12/25 22:24:53 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2009/12/25 22:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/12/25 22:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/12/25 22:23:51 | 00,000,000 | ---D | C] -- C:\Philips
[2009/12/25 22:23:18 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\InstallShield
[2009/12/17 12:53:05 | 00,000,000 | ---D | C] -- C:\Program Files\ODI
[2009/12/15 16:45:47 | 00,000,000 | ---D | C] -- C:\TimezAttack
[2009/12/13 11:24:17 | 00,000,000 | ---D | C] -- C:\Users\Daniel\2009-12-13 Liza 11-12 2009
[2009/12/09 03:02:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/09 03:02:10 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/08 15:21:24 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/08 15:21:24 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/08 15:21:24 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/08 15:21:24 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/08 15:21:24 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/08 15:21:24 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/08 15:21:24 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/08 15:21:23 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/08 15:21:23 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/08 15:21:23 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/08 15:21:23 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/08 15:21:23 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/08 15:21:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/08 15:21:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/08 15:20:47 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/03 21:40:50 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\2009-7July
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/26 12:03:41 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/26 12:03:41 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/26 12:03:41 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/26 12:01:59 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{747B452E-9578-43CF-846B-3393845136BF}.job
[2009/12/26 12:01:34 | 06,029,312 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat
[2009/12/26 11:49:43 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/26 11:48:45 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/26 11:46:53 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/26 11:46:53 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/26 11:46:53 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/26 11:46:52 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2009/12/26 11:46:52 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/26 11:46:20 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 11:46:20 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 11:46:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/26 11:46:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/26 11:46:14 | 21,361,33632 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/26 11:44:54 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/26 11:44:54 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/26 11:44:49 | 03,309,653 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2009/12/26 11:25:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/26 09:05:57 | 47,065,498 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/26 09:05:24 | 00,127,917 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/25 22:25:18 | 00,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Internet Video Downloader.lnk
[2009/12/25 22:25:18 | 00,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Media Converter for Philips.lnk
[2009/12/25 22:23:51 | 00,000,745 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 22:23:51 | 00,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 20:25:44 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA5451C0-6665-4080-8466-58E71CD41F6A}.job
[2009/12/25 19:31:29 | 00,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/25 18:29:21 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/22 07:32:24 | 17,334,1259 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/19 18:37:36 | 00,057,344 | ---- | M] () -- C:\Users\Daniel\Desktop\The Budget 1-10.xls
[2009/12/19 09:08:04 | 00,057,344 | ---- | M] () -- C:\Users\Daniel\Desktop\The Budget 12-09.xls
[2009/12/16 14:27:24 | 00,351,981 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/15 16:45:54 | 00,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Timez Attack.lnk
[2009/12/15 11:54:17 | 00,030,720 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 11:05:05 | 00,026,112 | ---- | M] () -- C:\Users\Daniel\Desktop\Savings 2009.xls
[2009/12/12 18:37:59 | 00,000,552 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/01 13:16:47 | 00,025,088 | ---- | M] () -- C:\Users\Daniel\Desktop\Savings 2010.xls
[2009/11/29 11:49:49 | 00,057,856 | ---- | M] () -- C:\Users\Daniel\Desktop\The Budget 11-09.xls
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 11:46:53 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/26 11:46:53 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/26 11:46:52 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/26 11:46:52 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2009/12/26 11:46:52 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/25 22:25:18 | 00,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Internet Video Downloader.lnk
[2009/12/25 22:25:18 | 00,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Media Converter for Philips.lnk
[2009/12/25 22:23:51 | 00,000,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 22:23:51 | 00,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 19:31:29 | 00,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/25 18:29:21 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/22 07:32:24 | 17,334,1259 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/19 16:20:33 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/19 16:20:32 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/15 16:45:54 | 00,000,740 | ---- | C] () -- C:\Users\Public\Desktop\Timez Attack.lnk
[2009/12/03 21:25:25 | 21,361,33632 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/02 21:38:53 | 00,057,344 | ---- | C] () -- C:\Users\Daniel\Desktop\The Budget 1-10.xls
[2009/10/15 13:39:41 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/30 08:24:58 | 00,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2009/09/30 08:24:54 | 00,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2009/09/16 20:02:31 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/26 18:48:18 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/28 16:32:14 | 00,000,388 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/03/27 17:59:52 | 00,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/03/27 09:22:08 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/03/27 09:22:08 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/03/27 09:22:08 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/03/27 09:21:26 | 00,000,909 | ---- | C] () -- C:\Windows\disney.ini
[2009/03/27 08:47:51 | 00,000,115 | ---- | C] () -- C:\Windows\ka.ini
[2009/02/23 12:51:28 | 00,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/02/23 12:51:28 | 00,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/01/18 17:49:16 | 00,002,204 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/01/13 16:39:06 | 00,072,992 | ---- | C] () -- C:\Windows\System32\drivers\bckd.sys
[2009/01/01 13:34:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/01/01 13:34:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2008/11/25 13:34:24 | 00,030,720 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 16:33:38 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/11/24 16:33:38 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2008/11/24 15:33:29 | 00,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008/11/24 15:26:58 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/01/17 12:29:55 | 00,000,000 | ---D | M] -- C:\Users\Children\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/21 14:44:44 | 00,000,000 | ---D | M] -- C:\Users\Children\AppData\Roaming\PeerNetworking
[2009/02/04 10:50:35 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICAClient
[2009/12/20 19:11:00 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Image Zone Express
[2009/09/02 19:15:28 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Passage Express
[2009/02/23 12:52:23 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\pdf995
[2009/07/11 13:15:40 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Printer Info Cache
[2009/02/04 10:50:12 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Runaware
[2009/05/18 10:18:23 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TaxCut
[2009/12/26 11:46:52 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2009/12/26 11:46:52 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2009/12/26 11:46:53 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2009/12/26 11:46:53 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2009/12/26 11:46:53 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/12/26 11:45:02 | 00,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/26 12:01:59 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{747B452E-9578-43CF-846B-3393845136BF}.job
[2009/12/25 20:25:44 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA5451C0-6665-4080-8466-58E71CD41F6A}.job

========== Purity Check ==========


< End of report >
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by sjohn » December 26th, 2009, 3:17 pm

OTL Extras logfile created on: 12/26/2009 12:02:06 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 342.46 Gb Free Space | 75.15% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.91% Space Free | Partition Type: NTFS
Drive E: | 392.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.47 Gb Total Space | 0.39 Gb Free Space | 5.20% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04595EAD-77EE-4DCA-8961-B1A3673667C0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{29BC9594-E4F1-43CD-A201-E2B716F4A66F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{504FB08D-06F0-4130-8676-EFE3F753EAA3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{848DDDFA-3030-42FD-BC7C-F3B18DF055C9}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{94ED5579-B13D-4067-AF13-32D37D477BF3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9E2F6816-B83C-454B-8F6D-F667360FBCD6}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"TCP Query User{01A59ABD-6CCF-4538-A040-9D9AF29E9CBA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1B50BEDE-DF83-4162-AAAD-76977BE5CEDC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D4AB687-1E23-418C-91CF-286EC8EB09C2}" = TaxCut Utah 2008
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{26172898-C5F8-11D4-BAB3-0010B53EC668}" = Ulead Photo Express 4.0 My Scrapbook Edition
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5F87EF36-A373-11D5-AA2E-0008C760B784}" = Monsters Jr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{858504FC-4EE3-4265-B219-FE5FA34C9D81}" = Passage Express
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7F0B319-2FD0-473F-AC6C-E74035AF85D0}" = TaxCut Colorado 2008
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.288
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"JumpStart Animal Adventures" = JumpStart Animal Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motocross Mania" = Motocross Mania
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MSMONEYV80" = Microsoft Money 2000 Standard Edition
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"The MultiForm Solution5.9.2" = The MultiForm Solution
"Where in the World Is Carmen Sandiego? Treasures of Knowledge" = Where in the World Is Carmen Sandiego? Treasures of Knowledge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FamilySearch Indexing (www.familysearchindexing.org)" = FamilySearch Indexing (www.familysearchindexing.org)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2009 7:27:17 AM | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 1:23:34 AM | Computer Name = Daniel-PC | Source = VSS | ID = 8194
Description =

Error - 12/26/2009 1:24:44 AM | Computer Name = Daniel-PC | Source = VSS | ID = 8194
Description =

Error - 12/26/2009 1:41:26 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Faulting application installer.exe, version 1.0.0.0, time stamp 0x485196cf,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6378616d, process id 0xe9c, application start time 0x01ca85eb588fd2ea.

Error - 12/26/2009 1:46:42 AM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002
Description = The program GoGear_Vibe_DeviceManager.exe version 1.5.0.0 stopped
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Problem Reports and Solutions control
panel. Process ID: ad8 Start Time: 01ca85eb9d7565aa Termination Time: 2

Error - 12/26/2009 3:27:17 AM | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 4:27:17 AM | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 5:27:17 AM | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 6:27:17 AM | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 7:27:17 AM | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 1/26/2009 4:32:20 PM | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 10:19:13 PM | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/4/2009 12:19:08 AM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2009 12:19:08 AM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2009 12:19:08 AM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2009 12:19:08 AM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/4/2009 3:37:43 PM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:09:51 PM on 12/4/2009 was unexpected.

Error - 12/12/2009 10:06:39 PM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:05:07 PM on 12/12/2009 was unexpected.

Error - 12/13/2009 1:08:40 PM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:12:33 PM on 12/12/2009 was unexpected.

Error - 12/16/2009 1:06:42 PM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:51:38 AM on 12/16/2009 was unexpected.

Error - 12/22/2009 10:32:30 AM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:31:10 AM on 12/22/2009 was unexpected.

Error - 12/24/2009 1:34:52 PM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:28:04 AM on 12/24/2009 was unexpected.


< End of report >
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by sjohn » December 26th, 2009, 3:36 pm

GMER will not run. After clicking the Scan button, computer shuts down. Have tried to run several times with same result. HELP!!
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by Jack&Jill » December 27th, 2009, 11:14 am

Hello sjohn :),

You may skip the GMER step for now. I need the details of your problem to properly assess the situation. Please describe them to me.

What do you use the computer for?

Validate Windows
  • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. When you are prompted, click OK.
  • Post the contents of ckfiles.txt in your reply. It is located on your desktop.

Please post back:
1. the details of your problem
2. the answer to my question on your computer
3. MGADiag result
4. CKScanner log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet runs very slowly or stops working when using

Post by sjohn » December 27th, 2009, 1:33 pm

1. Details of the problems:

The computer will only bring up 2 or 3 websites and then acts like dial-up or won’t work at all. I will have to reboot to get the internet to work again. Can’t download—I have to use another computer to download recommended programs.

When trying to play a DVD it will shut down the computer.

2. Computer use:

Internet searches for used cars, ATVs and parts - lots of internet.
Internet banking & personal budgeting.
Picture storage & digital scrapbooking.
Some games.

3. MGADiag result

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: 0x0
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {6E053AC6-4EB8-4F18-8BA9-C032D1D6057E}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.090803-2339
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6E053AC6-4EB8-4F18-8BA9-C032D1D6057E}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-2490235737-1587106647-3589786812</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.5</Version><SMBIOSVersion major="2" minor="5"/><Date>20070914000000.000000+000</Date></BIOS><HWID>36323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-3292008
Installation ID: 000700490760905824777000742612383290198903810051492281
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAJJQiafwy8nu2WWT+iP0OoOxQ8vREJbSrrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL FX09
MCFG DELL FX09
SLIC DELL FX09
DMY2 DELL FX09
SSDT PmRef CpuPm



4. CKScanner log

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\odi\motocross mania\replays\nut cracker6.dem
scanner sequence 3.AP.11
----- EOF -----


Thanks
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Unread postby Jack&Jill » December 28th, 2009, 5:16 am

Hello sjohn :),

Do you know the following program and use it?
TestDrive Client

    2. Computer use:

    Internet searches for used cars, ATVs and parts-lots of internet.
    Internet banking & personal budgeting.
    Picture storage & digital scrapbooking.
    Some games.

Is it a personal computer?

Re: Internet runs very slowly or stops working when using

Unread postby sjohn » December 28th, 2009, 1:25 pm

Don't know what TestDrive Client is.

Yes. This is a personal computer.

Re: Internet runs very slowly or stops working when using

Unread postby Jack&Jill » December 28th, 2009, 7:48 pm

Hello sjohn :),

Your internet problems could be caused by the immunization by Spybot - Search & Destroy. Undo it to see if it helps.

You have too many protection/security programs, which may cause conflicts. Please choose one of Blue Coat® K9 Web Protection 4.0.288 and Vista Parental Control, and disable or uninstall the other.

On top of that, I also suggest that you uninstall Ad-Aware and either Spybot - Search & Destroy or Windows Defender. Having one antispyware program would be enough. I will provide some recommendations when we are sure you are malware free.

"When trying to play a DVD it will shut down the computer."
This could be a power supply or incompatibility issue. I will direct you to another forum that deals with this kind of stuff when we are done here.

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download SysProt AntiRootkit© by swatkat and save it to your desktop. Click here.
  • Scroll down to the bottom of the page and click on SysProt.zip under the Attachments section to save the file.
  • Unzip it into a folder on your desktop and enter it, then double click on SysProt.exe to start the program.
  • Go to the Log tab and check (tick) all items listed in the Write to log box.
  • Check Hidden Objects Only at the bottom of the window too.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear. Select Scan root drive only and click Start.
  • When completed, you will be prompted showing the location of SysProtLog.txt, which is the same folder SysProt.exe was extracted to. Post the contents of the log in your reply.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • Click Finish and close the window.
  • Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
  • Post the contents of log.txt in your reply.

Please post back:
1. how is your computer now?
2. the recent MBAM report if available
3. SysProt result
4. ESET online scan result

Re: Internet runs very slowly or stops working when using

Unread postby sjohn » December 29th, 2009, 12:59 pm

1. Computer runs the same-Internet is slow. Wouldn't even run last night so shut it down for the night.

2. MBAM

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

12/16/2009 4:49:47 PM
mbam-log-2009-12-16 (16-49-47).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|H:\|I:\|J:\|)
Objects scanned: 198737
Time elapsed: 39 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. SysProt

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************

4. ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


(This is odd because while it was running it showed two warnings.)

Re: Internet runs very slowly or stops working when using

Unread postby Jack&Jill » December 29th, 2009, 10:02 pm

Hello sjohn :),

You only experienced a slow internet connection? No other issues? When did it start?

You may want to print out these instructions for reference, since you will have to restart your computer or go into Safe Mode during the fix.

Restart in Safe Mode

Rerun GMER
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • In the right panel, you will see several boxes that have been checked (ticked).
    • Uncheck Sections
    • Uncheck IAT/EAT
    • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
    • Uncheck Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any other programs while GMER is running.

Please post back:
1. the answers to my questions about your problem
2. the GMER result

Re: Internet runs very slowly or stops working when using

Unread postby sjohn » December 30th, 2009, 2:32 am

1. Yes, slow internet. (I have another computer on the same connection and it is not slow.)
Also running some programs or CD/DVD will shut down the computer from time to time. For example, 3x I ran GMER and it would throw an error "GMER.exe has stopped working" when I closed the program the computer would shut down and flash a blue screen that said something like, "Problem detected and is shutting down to protect your computer..."

I was trying to run the program from a jump drive. When I ran it from the desktop it finally worked. I don't get it.

2. GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 23:15:50
Windows 6.0.6002 Service Pack 2
Running: 7mgd34cv.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwryrpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: Internet runs very slowly or stops working when using

Unread postby Jack&Jill » December 30th, 2009, 3:11 am

Hello sjohn :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Run ATF Cleaner
  • Double-click ATF Cleaner.exe to open it.
  • Click Run if prompted.
  • At the bottom of the list, check (tick) Select All.
  • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
  • Then click the Empty Selected button.
  • Firefox:
    • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
    • Click the Empty Selected button.
    • Note: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

I want you to update MBAM and run a scan.
  • Open MBAM and click on the Update tab, then Check for Updates.
  • When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

Do an online scan with Kaspersky Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to Kaspersky Online Scanner page.
  • Read through the requirements and privacy statement and click on the Accept button.
  • Download and installation of the scanner and virus definitions will begin. If prompted to install from Kaspersky, please proceed.
  • When the downloads have finished, click on Settings on the lower left of the window.
  • Make sure all these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan tab to start scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place as KasperskyScan.txt. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Post the contents of that report in your reply.

Check your hard disk for errors
  • Go to Start > Run.... Copy and paste the following text into the white box:
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
  • Click OK. A command prompt window will appear for a while. Please wait until it closes.
  • Post the contents of checkhd.txt. It is found on your desktop.

Please download VEW© by Vino Rosso and save it to your desktop. Click here.
  • Double click on VEW.exe to start the program.
  • In the Select log to query section, check (tick):
    • Application
    • System
  • In the Select type to list section, check:
    • Critical (not XP)
    • Error
    • Information
    • Warning
  • In the Number or date of events section, check:
    • Date of events... then enter the From and To dates (the range from the start of incident until now).
  • Press the Run button.
  • A Notepad report will open when done, please post the contents of this report. It is located at %systemdrive%\VEW.txt, usually C:\VEW.txt.

Please post back:
1. new MBAM result
2. Kaspersky online scan report
3. chkdsk log
4. VEW log