IE, Firefox not working. Extremely slow computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by DaisyLJ » November 7th, 2010, 11:10 pm

Hi,

I'm running Windows XP Service Pack 3. Recently, I lost the ability to connect to the internet via IE and Firefox. IE just refuses to load up and Firefox gives me "proxy server refused connection." It also takes about 2 mins for the window to pop up after double-clicking the icon, when previously it was almost instantaneous. I solved the proxy problem on both IE and Firefox by going to Internet Options and changing it to not go through a proxy, but I don't know what caused the problem in the first place, as IE and Firefox were previously working perfectly. Computer speed is still crawling and it still takes a long time for windows to pop up. I have already gone through and completed all the steps in the "if your computer is slow, it may not be Malware related" thread but there has been no speed change. I haven't installed anything, changed the registry, or made any changes recently that would alter the computer's performance so drastically.

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:47:17 PM, on 11/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {A1E738AF-56B7-4B59-B926-711B8256CC4A} - (no file)
O2 - BHO: (no name) - {C9AC7683-F309-4EDF-903E-72F255EA3189} - (no file)
O2 - BHO: (no name) - {CE9BB488-8CFD-4ABF-94D9-520BE7C8670E} - (no file)
O2 - BHO: (no name) - {D902CBBE-8861-470D-91FF-9BA06CD77F7E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F4262975-15EF-43A0-B5D9-FF2385E1A6BA} - (no file)
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ejxrqmrl] C:\Documents and Settings\Norm\Application Data\bueiekmse\cdqcfcwuqiw.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6278065685
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Quickbooks Premier\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 6489 bytes

Uninstall List
2008 Lacerte Tax
2009 Lacerte Tax
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
AVG Free 9.0
CCleaner
Corporate DocuPAK
DivX
DivX Player
DivX Web Player
Document eSort Components
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intuit Runtime Components 6.0.16
Java(TM) 6 Update 16
Lacerte Runtime Components
Lotus SmartSuite Release 9
Lucent Technologies Soft Modem AMR
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Demo
NJStar Communicator
NVIDIA Drivers
NVIDIA nView Desktop Manager
QuickBooks Premier: Accountant Edition 2008
QuickTime
RealMedia (remove only)
RealPlayer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SiS Audio Driver
SiS Compatible VGA V2.07f.01
Support Actions Win2K,WinXP
SupportSoft Assisted Service
TFP for 2005
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO System Information
VideoLAN VLC media player 0.8.6a
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Defender
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinRAR archiver

Thank you
DaisyLJ
Active Member
 
Posts: 7
Joined: November 7th, 2010, 9:44 pm
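
Added example (not part of the original post, and not HijackThis's own logic): a small Python triage pass over a few lines copied from the log above, showing how a helper can sort entries by section code and pick out the ones to review first. The three rules and their names are assumptions chosen for illustration; a flag means "review this entry", not "this is malicious".

```python
import re
from collections import namedtuple

# A few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ejxrqmrl] C:\Documents and Settings\Norm\Application Data\bueiekmse\cdqcfcwuqiw.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

Finding = namedtuple("Finding", "code rule detail")

# HijackThis entry lines look like "<section code> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.I)
LOOPBACK_RE = re.compile(r"(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?", re.I)
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Folders any user-level process can write to (Windows XP profile layout).
USER_WRITABLE_RE = re.compile(r"\\(?:Application Data|Local Settings\\Temp|Temp)\\", re.I)
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Apply the three illustrative review rules and return Finding tuples in log order."""
    findings = []
    for code, body in entries:
        # Rule 1 (assumption): a proxy on the loopback address routes browser
        # traffic through a local process, so the browser fails if that
        # process is not listening.
        proxy = PROXY_RE.search(body)
        if code.startswith("R") and proxy and LOOPBACK_RE.search(proxy.group("value")):
            findings.append(Finding(code, "loopback-proxy", proxy.group("value")))

        # Rule 2 (assumption): an autostart entry launching from a
        # user-writable profile folder deserves a closer look.
        run = RUN_RE.search(body) if code == "O4" else None
        if run and USER_WRITABLE_RE.search(run.group("cmd").strip('"')):
            findings.append(Finding(code, "user-profile-autostart",
                                    "%s -> %s" % (run.group("name"), run.group("cmd"))))

        # Rule 3 (assumption): the registration names a file HijackThis could
        # not find on disk; often an uninstall leftover, still worth checking.
        if body.rstrip().endswith(MISSING_MARKERS):
            findings.append(Finding(code, "missing-file", body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print("%-4s %-24s %s" % (f.code, f.rule, f.detail))
```
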

Re: IE, Firefox not working. Extremely slow computer

Post by deltalima » November 10th, 2010, 4:46 am

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE, Firefox not working. Extremely slow computer

Post by deltalima » November 10th, 2010, 4:58 am

Hi DaisyLJ,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE, Firefox not working. Extremely slow computer

Post by DaisyLJ » November 11th, 2010, 11:06 pm

Hi deltalima,

Thank you for the help. This computer is for home use. Sorry I didn't respond sooner but I've been having problems running GMER. I tried scanning it several times but my computer always freezes halfway. I think I managed to get a complete scan today but I'm not 100% sure. I apologize if the gmer.txt log is not complete.

GMER.txt
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 18:59:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST380020A rev.5.38
Running: umkuicrv.exe; Driver: C:\DOCUME~1\Norm\LOCALS~1\Temp\afayyfod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6D09360, 0x32E00D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL Extras.txt
OTL Extras logfile created on: 11/10/2010 1:04:26 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Norm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 612.00 Mb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.99 Gb Total Space | 1.83 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
Drive D: | 58.51 Gb Total Space | 40.87 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive E: | 953.13 Mb Total Space | 937.00 Mb Free Space | 98.31% Space Free | Partition Type: FAT
Drive H: | 15.73 Gb Total Space | 0.39 Gb Free Space | 2.49% Space Free | Partition Type: FAT32
Drive J: | 283.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VALUED-20606295 | User Name: Norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15561:TCP" = 15561:TCP:*:Enabled:BitComet 15561 TCP
"15561:UDP" = 15561:UDP:*:Enabled:BitComet 15561 UDP
"20594:TCP" = 20594:TCP:*:Enabled:BitComet 20594 TCP
"20594:UDP" = 20594:UDP:*:Enabled:BitComet 20594 UDP
"9842:TCP" = 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP" = 9842:UDP:*:Disabled:SolidNetworkManager
"17431:TCP" = 17431:TCP:*:Enabled:BitComet 17431 TCP
"17431:UDP" = 17431:UDP:*:Enabled:BitComet 17431 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module -- File not found
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"I:\Games\Steam\SteamApps\normstrom\team fortress 2\hl2.exe" = I:\Games\Steam\SteamApps\normstrom\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Quickbooks Premier\QBDBMgrN.exe" = D:\Quickbooks Premier\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"D:\Program Files\Tax Analysts\OneDisc Premium\bin\CNServer.exe" = D:\Program Files\Tax Analysts\OneDisc Premium\bin\CNServer.exe:*:Enabled:Content Network Server -- (FAST Search and Transfer)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0D9E1F52-CE29-B03B-D79F-8EC434821033}" = Nero 7 Demo
"{0E483B88-EB53-453D-BD2D-E8CB3D063131}" = Document eSort Components
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EE377F9-1FBC-440E-82EB-7B8A1EDDEE52}" = SonicStage CD-R Writing Module
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{32315C32-E769-4AD4-8567-ECB28DB46547}" = Tax Analysts OneDisc Premium
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}" = Intuit Runtime Components 6.0.16
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7FEE267E-003F-43B0-95D2-534D4213D4BA}" = Lacerte Runtime Components
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ECB8220-F423-4BEB-9596-97033C533702}" = QuickBooks Premier: Accountant Edition 2008
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.2.00
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"2008 Lacerte Tax" = 2008 Lacerte Tax
"2009 Lacerte Tax" = 2009 Lacerte Tax
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Corporate DocuPAK" = Corporate DocuPAK
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NJStar Communicator" = NJStar Communicator
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"SiS Compatible VGA V2.07f.01" = SiS Compatible VGA V2.07f.01
"SiS7012" = SiS Audio Driver
"SmartSuite V98.0" = Lotus SmartSuite Release 9
"TFP for 2005" = TFP for 2005
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1685927933-3652652152-3399203189-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{32315C32-E769-4AD4-8567-ECB28DB46547}" = Tax Analysts OneDisc Premium

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2010 12:38:42 AM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/15/2010 12:38:42 AM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/15/2010 12:38:42 AM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/15/2010 2:07:57 AM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/16/2010 11:12:03 PM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/16/2010 11:12:03 PM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/16/2010 11:12:03 PM | Computer Name = VALUED-20606295 | Source = QuickBooks | ID = 4
Description =

Error - 10/25/2010 5:13:58 PM | Computer Name = VALUED-20606295 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2010 5:18:07 PM | Computer Name = VALUED-20606295 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16544, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/6/2010 10:45:13 PM | Computer Name = VALUED-20606295 | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/8/2010 11:53:45 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:53:51 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:53:56 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:02 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:08 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:14 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:19 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:25 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:31 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/8/2010 11:54:38 PM | Computer Name = VALUED-20606295 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

OTL.txt
OTL logfile created on: 11/10/2010 1:04:26 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Norm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 612.00 Mb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.99 Gb Total Space | 1.83 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
Drive D: | 58.51 Gb Total Space | 40.87 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive E: | 953.13 Mb Total Space | 937.00 Mb Free Space | 98.31% Space Free | Partition Type: FAT
Drive H: | 15.73 Gb Total Space | 0.39 Gb Free Space | 2.49% Space Free | Partition Type: FAT32
Drive J: | 283.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VALUED-20606295 | User Name: Norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Norm\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Norm\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva279) -- C:\WINDOWS\System32\XDva279.sys File not found
DRV - (XDva031) -- C:\WINDOWS\System32\XDva031.sys File not found
DRV - (Pcouffin) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (3Com_A02) -- C:\WINDOWS\system32\drivers\3C254G50.sys (3Com Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgiVecp.sys (DeviceGuys, Inc.)
DRV - (SMBE) Sony MPEG2 Encoder Board (WDM) -- C:\WINDOWS\system32\drivers\Smbe.sys (Sony Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (SiS7012) Service for AC'97 Sample Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys ()
DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.1.9
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 6092
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 18:24:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/06 18:24:14 | 000,000,000 | ---D | M]

[2010/11/06 18:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Mozilla\Extensions
[2010/11/06 23:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\adblockpopups@jessehakanen.net
[2010/11/06 18:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/23 00:07:38 | 000,419,569 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14479 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {A1E738AF-56B7-4B59-B926-711B8256CC4A} - No CLSID value found.
O2 - BHO: (no name) - {C9AC7683-F309-4EDF-903E-72F255EA3189} - No CLSID value found.
O2 - BHO: (no name) - {CE9BB488-8CFD-4ABF-94D9-520BE7C8670E} - No CLSID value found.
O2 - BHO: (no name) - {D902CBBE-8861-470D-91FF-9BA06CD77F7E} - No CLSID value found.
O2 - BHO: (no name) - {F4262975-15EF-43A0-B5D9-FF2385E1A6BA} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ejxrqmrl] C:\Documents and Settings\Norm\Application Data\bueiekmse\cdqcfcwuqiw.exe File not found
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6278065685 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - D:\Quickbooks Premier\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Norm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Norm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 17:12:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/04 17:10:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2003/10/02 21:31:44 | 000,000,068 | -H-- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1999/09/15 20:42:48 | 000,000,054 | -H-- | M] () - H:\autoexec.nav -- [ FAT32 ]
O32 - AutoRun File - [2003/10/02 21:31:44 | 000,000,054 | ---- | M] () - H:\AUTOEXEC.LTS -- [ FAT32 ]
O32 - AutoRun File - [2007/05/30 18:37:22 | 000,000,197 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 13:03:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norm\Desktop\OTL.exe
[2010/11/07 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/07 17:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/07 17:25:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/07 17:08:14 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/11/07 17:08:14 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/11/07 17:08:13 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/07 17:07:45 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/11/07 17:06:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/11/07 16:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/07 14:28:25 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/11/07 14:28:25 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/11/07 14:28:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/11/07 14:28:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/11/07 14:28:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/11/07 14:28:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/11/07 14:28:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/11/07 14:28:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/11/07 14:28:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/11/07 14:28:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/11/07 14:28:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/11/07 14:28:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/11/07 14:28:09 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/11/07 14:28:09 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/11/07 14:28:09 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/11/07 14:28:09 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/11/07 14:28:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/11/07 14:28:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/11/07 14:28:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/11/07 14:28:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/11/07 14:28:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/11/07 14:28:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/11/07 14:28:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/11/07 14:28:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/11/07 14:28:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/11/07 14:28:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/11/07 14:28:03 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/11/07 14:28:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/11/07 14:28:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/11/07 14:28:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/11/07 14:28:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/11/07 14:28:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/11/07 14:28:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/11/07 14:28:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/11/07 14:28:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/11/07 14:28:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/11/07 14:28:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/11/07 14:28:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/11/07 14:28:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/11/07 14:28:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/11/07 14:28:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/11/07 14:27:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/11/07 14:27:58 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/11/07 14:27:56 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/11/07 14:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/07 14:27:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/07 14:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/07 14:17:53 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/11/06 23:20:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Norm\PrivacIE
[2010/11/06 23:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\WinPatrol
[2010/11/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/11/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/11/06 22:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/11/06 22:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/11/06 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/11/06 22:55:48 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/11/06 22:55:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/11/06 22:55:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/11/06 22:55:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/11/06 22:55:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/11/06 22:55:47 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/11/06 22:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/06 22:45:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Norm\IETldCache
[2010/11/06 22:34:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/06 20:49:25 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/11/06 20:48:52 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/11/06 20:48:45 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/11/06 20:48:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/11/06 20:47:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/11/06 20:47:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/11/06 20:47:03 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/11/06 18:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\Malwarebytes
[2010/11/06 18:34:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/06 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/06 18:33:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/06 18:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/06 18:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\My Documents\Downloads
[2010/11/06 18:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Local Settings\Application Data\Mozilla
[2010/11/06 18:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\Mozilla
[2010/11/06 18:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 12:56:29 | 000,232,108 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/10 12:56:24 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\umkuicrv.exe
[2010/11/10 12:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norm\Desktop\OTL.exe
[2010/11/10 12:55:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 12:55:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/08 17:58:47 | 067,387,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/07 22:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/07 19:20:04 | 000,425,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 19:20:04 | 000,071,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 19:15:45 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/07 19:11:08 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\Fix comp.doc
[2010/11/07 19:10:55 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/11/07 18:46:36 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\HiJackThis.lnk
[2010/11/07 18:46:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/07 18:46:23 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\Norm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/07 18:10:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/07 14:17:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/06 22:47:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/06 22:45:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/06 18:25:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/06 18:24:32 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/06 18:24:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/13 19:19:53 | 000,003,779 | ---- | M] () -- C:\WINDOWS\w08tax.INI
[2010/10/13 19:12:29 | 000,000,040 | ---- | M] () -- C:\WINDOWS\lacerte.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/10 13:03:26 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\umkuicrv.exe
[2010/11/07 19:11:07 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\Fix comp.doc
[2010/11/07 18:40:49 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\HiJackThis.lnk
[2010/11/06 22:03:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/06 18:25:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/06 18:24:32 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/06 18:24:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/20 12:26:13 | 000,000,373 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2010/06/19 10:40:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\TFP2005.INI
[2010/06/16 16:44:16 | 000,001,647 | ---- | C] () -- C:\WINDOWS\W06TAX.INI
[2010/06/16 16:27:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\LTBUI08.INI
[2010/06/16 16:27:18 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TaxSetup.INI
[2010/06/16 16:14:53 | 000,000,079 | ---- | C] () -- C:\WINDOWS\WTAXSYNC.ini
[2010/06/16 15:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2010/06/16 15:19:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2010/06/16 15:13:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2010/06/16 14:59:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\lacerte.ini
[2010/06/16 14:48:23 | 000,003,779 | ---- | C] () -- C:\WINDOWS\w08tax.INI
[2008/05/05 23:26:52 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\32E51DEE35.dll
[2007/08/12 20:13:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/12 19:51:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/08/12 19:51:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/08/12 19:51:37 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/08/10 20:09:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Dll_OTHER_ENG.dll
[2007/08/04 19:43:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/04 19:12:35 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2007/08/04 18:40:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/04 18:25:33 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/04 18:03:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/08/04 17:12:58 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Norm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/08/09 14:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 14:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 14:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/02 15:35:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 15:35:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/02 15:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 15:35:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 15:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 15:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/04/26 01:06:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/25 14:13:18 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/25 14:13:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/25 14:08:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2002/04/25 13:48:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/04/24 16:36:03 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2002/04/24 16:35:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/04/24 10:47:28 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/24 10:30:54 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/24 03:36:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/11/14 17:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/05/13 17:23:00 | 000,002,233 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1996/02/22 17:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 17:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 17:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 17:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

< End of report >

Thank you again for all the help.
DaisyLJ
Active Member
 
Posts: 7
Joined: November 7th, 2010, 9:44 pm

Re: IE, Firefox not working. Extremely slow computer

by deltalima » November 12th, 2010, 5:07 am

Hi DaisyLJ,

I must warn you that there are signs in the log that drive D has bad blocks and is likely to fail soon. You may need to replace the drive.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE, Firefox not working. Extremely slow computer

by DaisyLJ » November 12th, 2010, 1:16 pm

Thank you for alerting me to drive D: I'll change that out soon.

TDSSKiller log
2010/11/12 09:00:35.0656 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/12 09:00:35.0656 ================================================================================
2010/11/12 09:00:35.0656 SystemInfo:
2010/11/12 09:00:35.0656
2010/11/12 09:00:35.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/12 09:00:35.0656 Product type: Workstation
2010/11/12 09:00:35.0656 ComputerName: VALUED-20606295
2010/11/12 09:00:35.0656 UserName: Norm
2010/11/12 09:00:35.0656 Windows directory: C:\WINDOWS
2010/11/12 09:00:35.0656 System windows directory: C:\WINDOWS
2010/11/12 09:00:35.0656 Processor architecture: Intel x86
2010/11/12 09:00:35.0656 Number of processors: 1
2010/11/12 09:00:35.0656 Page size: 0x1000
2010/11/12 09:00:35.0656 Boot type: Normal boot
2010/11/12 09:00:35.0656 ================================================================================
2010/11/12 09:00:38.0687 Initialize success
2010/11/12 09:04:10.0484 ================================================================================
2010/11/12 09:04:10.0484 Scan started
2010/11/12 09:04:10.0484 Mode: Manual;
2010/11/12 09:04:10.0484 ================================================================================
2010/11/12 09:06:48.0171 ================================================================================
2010/11/12 09:06:48.0171 Scan finished
2010/11/12 09:06:48.0171 ================================================================================
2010/11/12 09:07:02.0359 Deinitialize success
DaisyLJ
Active Member
 
Posts: 7
Joined: November 7th, 2010, 9:44 pm

Re: IE, Firefox not working. Extremely slow computer

by deltalima » November 12th, 2010, 1:48 pm

Hi DaisyLJ,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {A1E738AF-56B7-4B59-B926-711B8256CC4A} - No CLSID value found.
    O2 - BHO: (no name) - {C9AC7683-F309-4EDF-903E-72F255EA3189} - No CLSID value found.
    O2 - BHO: (no name) - {CE9BB488-8CFD-4ABF-94D9-520BE7C8670E} - No CLSID value found.
    O2 - BHO: (no name) - {D902CBBE-8861-470D-91FF-9BA06CD77F7E} - No CLSID value found.
    O2 - BHO: (no name) - {F4262975-15EF-43A0-B5D9-FF2385E1A6BA} - No CLSID value found.
    O4 - HKLM..\Run: [ejxrqmrl] C:\Documents and Settings\Norm\Application Data\bueiekmse\cdqcfcwuqiw.exe File not found
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
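
The fix script in the post above targets three kinds of leftover entry: a ProxyServer value pointing at a loopback address, BHO keys with no registered CLSID, and a Run value whose file is missing. The Python below is an added example, not part of the thread and not OTL's own code, that picks the same entries out of OTL log text; the function names and the two "Example" log lines are hypothetical, and the line shapes are inferred from the entries quoted in the post.

```python
import re
from ipaddress import ip_address

# Constructed sample: three entries copied from the fix script in the post,
# plus two hypothetical "Example" lines that should NOT be flagged.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp)
O4 - HKLM..\Run: [ejxrqmrl] C:\Documents and Settings\Norm\Application Data\bueiekmse\cdqcfcwuqiw.exe File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
'''

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
BHO_RE = re.compile(
    r'^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$'
)
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')


def proxy_hosts(value):
    """Return the host of every proxy in a WinINET ProxyServer string.

    Handles both "host:port" and "proto=host:port;proto=host:port".
    """
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        # Drop an optional "http=" style prefix; keep the text after the last '='.
        hostport = part.rpartition('=')[2]
        # Drop an optional scheme such as "http://".
        hostport = re.sub(r'^\w+://', '', hostport)
        hosts.append(hostport.rsplit(':', 1)[0] if ':' in hostport else hostport)
    return hosts


def is_loopback(host):
    """True for 'localhost' or any address in a loopback range."""
    if host.lower() == 'localhost':
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def triage(log_text):
    """Return (kind, detail) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = PROXY_RE.search(line)
        if m:
            # Browser traffic is being sent to a listener on this machine.
            if any(is_loopback(h) for h in proxy_hosts(m.group('value'))):
                findings.append(('loopback-proxy', m.group('value')))
            continue

        m = BHO_RE.match(line)
        if m:
            # BHO key exists but the COM class behind it is not registered.
            if m.group('target').startswith('No CLSID value found'):
                findings.append(('orphan-bho', m.group('clsid')))
            continue

        m = RUN_RE.match(line)
        if m and m.group('target').endswith('File not found'):
            # Autostart value still present although its target is gone.
            findings.append(('dangling-run', m.group('name')))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LOG):
        print(f'{kind:15} {detail}')
```

A hit is a prompt to review the entry, not proof of infection: a loopback proxy can also belong to a legitimate local filter, so check what, if anything, is listening on that port before clearing the value.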

Re: IE, Firefox not working. Extremely slow computer

by DaisyLJ » November 12th, 2010, 2:58 pm

Hi deltalima,

OTL Script
All processes killed
========== OTL ==========
HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E738AF-56B7-4B59-B926-711B8256CC4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E738AF-56B7-4B59-B926-711B8256CC4A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9AC7683-F309-4EDF-903E-72F255EA3189}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9AC7683-F309-4EDF-903E-72F255EA3189}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE9BB488-8CFD-4ABF-94D9-520BE7C8670E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE9BB488-8CFD-4ABF-94D9-520BE7C8670E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D902CBBE-8861-470D-91FF-9BA06CD77F7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D902CBBE-8861-470D-91FF-9BA06CD77F7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4262975-15EF-43A0-B5D9-FF2385E1A6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4262975-15EF-43A0-B5D9-FF2385E1A6BA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ejxrqmrl deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 597229 bytes

User: All Users

User: Default User
->Temp folder emptied: 947912 bytes
->Temporary Internet Files folder emptied: 597229 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47595 bytes

User: NetworkService
->Temp folder emptied: 17006 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Norm
->Temp folder emptied: 140325385 bytes
->Temporary Internet Files folder emptied: 3020706 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45907958 bytes
->Flash cache emptied: 1407 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2932753 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6818772 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 947912 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 581403 bytes
RecycleBin emptied: 1240669 bytes

Total Files Cleaned = 195.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11122010_104611

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000002ad

Kernel Drivers (total 116):

Processes (total 34):
0 System Idle Process
4 System
524 C:\WINDOWS\system32\smss.exe
596 csrss.exe
636 C:\WINDOWS\system32\winlogon.exe
684 C:\WINDOWS\system32\services.exe
696 C:\WINDOWS\system32\lsass.exe
856 C:\WINDOWS\system32\nvsvc32.exe
920 C:\WINDOWS\system32\svchost.exe
988 svchost.exe
1096 C:\WINDOWS\system32\svchost.exe
1152 svchost.exe
1180 C:\Program Files\AVG\AVG9\avgchsvx.exe
1188 C:\Program Files\AVG\AVG9\avgrsx.exe
1280 svchost.exe
1404 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1824 C:\WINDOWS\explorer.exe
1892 C:\WINDOWS\system32\spoolsv.exe
660 svchost.exe
1124 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1364 C:\Program Files\Java\jre6\bin\jqs.exe
1552 C:\WINDOWS\notepad.exe
1708 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
124 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
228 C:\Program Files\AVG\AVG9\avgnsx.exe
896 C:\WINDOWS\LTSMMSG.exe
1716 C:\PROGRA~1\AVG\AVG9\avgtray.exe
1380 C:\WINDOWS\system32\rundll32.exe
1312 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
2052 C:\WINDOWS\system32\ctfmon.exe
2084 C:\WINDOWS\system32\wuauclt.exe
3652 alg.exe
3972 C:\Program Files\Mozilla Firefox\firefox.exe
2504 C:\Documents and Settings\Norm\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`ffacce00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST380020A, Rev: 5.38
PhysicalDrive1 Model Number: IBM-DTTA-351680, Rev: T51OA73A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
15 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
DaisyLJ
Active Member
Posts: 7
Joined: November 7th, 2010, 9:44 pm

Re: IE, Firefox not working. Extremely slow computer

Post by deltalima » November 12th, 2010, 3:10 pm

Hi DaisyLJ,

Please run a new scan with OTL and post just the OTL.txt log.

Now run Malwarebytes, update and then run a quick scan and post the log in your next reply. Please let me know how the computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE, Firefox not working. Extremely slow computer

Post by DaisyLJ » November 12th, 2010, 4:16 pm

Hi deltalima,

OTL.txt
OTL logfile created on: 11/12/2010 11:46:36 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Norm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 512.00 Mb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.99 Gb Total Space | 2.00 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive D: | 58.51 Gb Total Space | 40.87 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive H: | 15.73 Gb Total Space | 0.39 Gb Free Space | 2.49% Space Free | Partition Type: FAT32
Drive J: | 283.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VALUED-20606295 | User Name: Norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Norm\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Norm\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva279) -- C:\WINDOWS\System32\XDva279.sys File not found
DRV - (XDva031) -- C:\WINDOWS\System32\XDva031.sys File not found
DRV - (Pcouffin) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (3Com_A02) -- C:\WINDOWS\system32\drivers\3C254G50.sys (3Com Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgiVecp.sys (DeviceGuys, Inc.)
DRV - (SMBE) Sony MPEG2 Encoder Board (WDM) -- C:\WINDOWS\system32\drivers\Smbe.sys (Sony Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (SiS7012) Service for AC'97 Sample Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys ()
DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.1.9
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 6092
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 18:24:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/06 18:24:14 | 000,000,000 | ---D | M]

[2010/11/06 18:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Mozilla\Extensions
[2010/11/06 23:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/06 18:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Mozilla\Firefox\Profiles\u7wol4bc.default\extensions\adblockpopups@jessehakanen.net
[2010/11/06 18:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/23 00:07:38 | 000,419,569 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14479 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1685927933-3652652152-3399203189-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6278065685 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - D:\Quickbooks Premier\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Norm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Norm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 17:12:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/04 17:10:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2003/10/02 21:31:44 | 000,000,068 | -H-- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1999/09/15 20:42:48 | 000,000,054 | -H-- | M] () - H:\autoexec.nav -- [ FAT32 ]
O32 - AutoRun File - [2003/10/02 21:31:44 | 000,000,054 | ---- | M] () - H:\AUTOEXEC.LTS -- [ FAT32 ]
O32 - AutoRun File - [2007/05/30 18:37:22 | 000,000,197 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 10:46:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/12 08:57:23 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Norm\Desktop\TDSSKiller.exe
[2010/11/12 08:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Desktop\tdsskiller
[2010/11/11 16:45:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/10 13:03:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norm\Desktop\OTL.exe
[2010/11/07 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/07 17:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/07 17:25:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/07 17:08:14 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/11/07 17:08:14 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/11/07 17:08:13 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/07 17:07:45 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/11/07 17:06:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/11/07 16:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/07 14:28:25 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/11/07 14:28:25 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/11/07 14:28:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/11/07 14:28:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/11/07 14:28:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/11/07 14:28:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/11/07 14:28:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/11/07 14:28:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/11/07 14:28:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/11/07 14:28:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/11/07 14:28:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/11/07 14:28:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/11/07 14:28:09 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/11/07 14:28:09 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/11/07 14:28:09 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/11/07 14:28:09 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/11/07 14:28:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/11/07 14:28:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/11/07 14:28:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/11/07 14:28:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/11/07 14:28:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/11/07 14:28:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/11/07 14:28:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/11/07 14:28:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/11/07 14:28:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/11/07 14:28:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/11/07 14:28:03 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/11/07 14:28:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/11/07 14:28:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/11/07 14:28:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/11/07 14:28:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/11/07 14:28:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/11/07 14:28:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/11/07 14:28:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/11/07 14:28:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/11/07 14:28:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/11/07 14:28:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/11/07 14:28:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/11/07 14:28:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/11/07 14:28:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/11/07 14:28:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/11/07 14:27:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/11/07 14:27:58 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/11/07 14:27:56 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/11/07 14:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/07 14:27:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/07 14:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/07 14:17:53 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/11/06 23:20:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Norm\PrivacIE
[2010/11/06 23:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\WinPatrol
[2010/11/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/11/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/11/06 22:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/11/06 22:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/11/06 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/11/06 22:55:48 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/11/06 22:55:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/11/06 22:55:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/11/06 22:55:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/11/06 22:55:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/11/06 22:55:47 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/11/06 22:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/06 22:45:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Norm\IETldCache
[2010/11/06 22:34:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/06 20:49:25 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/11/06 20:48:52 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/11/06 20:48:45 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/11/06 20:48:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/11/06 20:47:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/11/06 20:47:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/11/06 20:47:03 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/11/06 18:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\Malwarebytes
[2010/11/06 18:34:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/06 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/06 18:33:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/06 18:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/06 18:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\My Documents\Downloads
[2010/11/06 18:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Local Settings\Application Data\Mozilla
[2010/11/06 18:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\Mozilla
[2010/11/06 18:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2010/11/12 10:54:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\MBRCheck.exe
[2010/11/12 10:51:23 | 000,232,108 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/12 10:49:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 09:15:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/12 09:01:12 | 067,564,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/11 17:10:35 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/11/10 12:56:24 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\umkuicrv.exe
[2010/11/10 12:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norm\Desktop\OTL.exe
[2010/11/10 12:55:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Norm\Desktop\TDSSKiller.exe
[2010/11/07 22:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/07 19:20:04 | 000,425,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 19:20:04 | 000,071,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 19:15:45 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/07 19:11:08 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\Fix comp.doc
[2010/11/07 18:46:36 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\HiJackThis.lnk
[2010/11/07 18:46:23 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\Norm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/07 18:10:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/07 14:17:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/06 22:47:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/06 22:45:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/06 18:25:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/06 18:24:32 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/06 18:24:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/13 19:19:53 | 000,003,779 | ---- | M] () -- C:\WINDOWS\w08tax.INI
[2010/10/13 19:12:29 | 000,000,040 | ---- | M] () -- C:\WINDOWS\lacerte.ini

========== Files Created - No Company Name ==========

[2010/11/12 10:54:38 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\MBRCheck.exe
[2010/11/10 13:03:26 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\umkuicrv.exe
[2010/11/07 19:11:07 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\Fix comp.doc
[2010/11/07 18:40:49 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\HiJackThis.lnk
[2010/11/06 22:03:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/06 18:25:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/06 18:24:32 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/06 18:24:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/20 12:26:13 | 000,000,373 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2010/06/19 10:40:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\TFP2005.INI
[2010/06/16 16:44:16 | 000,001,647 | ---- | C] () -- C:\WINDOWS\W06TAX.INI
[2010/06/16 16:27:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\LTBUI08.INI
[2010/06/16 16:27:18 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TaxSetup.INI
[2010/06/16 16:14:53 | 000,000,079 | ---- | C] () -- C:\WINDOWS\WTAXSYNC.ini
[2010/06/16 15:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2010/06/16 15:19:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2010/06/16 15:13:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2010/06/16 14:59:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\lacerte.ini
[2010/06/16 14:48:23 | 000,003,779 | ---- | C] () -- C:\WINDOWS\w08tax.INI
[2008/05/05 23:26:52 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\32E51DEE35.dll
[2007/08/12 20:13:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/12 19:51:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/08/12 19:51:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/08/12 19:51:37 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/08/10 20:09:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Dll_OTHER_ENG.dll
[2007/08/04 19:43:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/04 19:12:35 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2007/08/04 18:40:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/04 18:25:33 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/04 18:03:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/08/04 17:12:58 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Norm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/08/09 14:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 14:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 14:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/02 15:35:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 15:35:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/02 15:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 15:35:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 15:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 15:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/04/26 01:06:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/25 14:13:18 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/25 14:13:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/25 14:08:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2002/04/25 13:48:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/04/24 16:36:03 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2002/04/24 16:35:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/04/24 10:47:28 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/24 10:30:54 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/24 03:36:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/11/14 17:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/05/13 17:23:00 | 000,002,233 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1996/02/22 17:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 17:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 17:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 17:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

< End of report >

Malwarebytes Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5102

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2010 12:11:03 PM
mbam-log-2010-11-12 (12-11-03).txt

Scan type: Quick scan
Objects scanned: 150864
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The computer seems to be working a bit faster now. I have internet with IE and Firefox when not using a proxy. Was any malware found? Thank you.
DaisyLJ
Active Member
 
Posts: 7
Joined: November 7th, 2010, 9:44 pm

Re: IE, Firefox not working. Extremely slow computer

Post by deltalima » November 12th, 2010, 4:27 pm

Hi DaisyLJ,

"Was any malware found?"

We removed some remnants of a previous infection.

As a final check –

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: IE, Firefox not working. Extremely slow computer

Post by DaisyLJ » November 13th, 2010, 2:00 pm

deltalima,

ESET
H:\Documents and Settings.Backup\Ed-O\Local Settings\Temp\hotbar.exe probably a variant of Win32/Genetik trojan

Re: IE, Firefox not working. Extremely slow computer

Post by deltalima » November 13th, 2010, 2:43 pm

Hi DaisyLJ,

Please delete the file

H:\Documents and Settings.Backup\Ed-O\Local Settings\Temp\hotbar.exe

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Re: IE, Firefox not working. Extremely slow computer

Post by DaisyLJ » November 14th, 2010, 2:32 am

Hi deltalima,

My computer is running much better now. Thank you so much for all the help.

DaisyLJ

Re: IE, Firefox not working. Extremely slow computer

Post by deltalima » November 14th, 2010, 8:29 am

You're welcome!

Glad we could help.