Infected Rebooting very slow

Post by kauhikoa » July 22nd, 2011, 2:48 am

Hi,

Ran Norton Fix TDSS for browser redirect problem. Now reboot takes about 15 minutes. Don't know how to fix the reboot problem...


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Richie at 20:36:28 on 2011-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2421 [GMT -10:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\dvd43\dvd43_tray.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Garmin\gStart.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Webshots\3.1.5.7619\webshots.scr
C:\Program Files\Zenview Manager\UltraMon.exe
C:\Program Files\Zenview Manager\UltraMonTaskbar.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\richie\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
uRun: [gStart] c:\garmin\gStart.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [vProt] c:\program files\gamebox\vprot.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Download Nitro] "c:\program files\pcpitstop\download nitro\pcpitstop-nitro.exe" -autorun
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Zenview Manager] "c:\program files\zenview manager\UltraMon.exe" /auto
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\richie\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\richie\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8585202328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8641333703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D2D6E336-2636-466B-8723-AD848D6414BF} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-9 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110701.001\BHDrvx86.sys [2011-7-5 810616]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-9 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-9 130008]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2005-8-16 10496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110720.031\IDSXpx86.sys [2011-7-20 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110721.020\NAVENG.SYS [2011-7-21 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110721.020\NAVEX15.SYS [2011-7-21 1542392]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-8-16 3328]
S0 12282879;12282879;c:\windows\system32\drivers\92771921.sys --> c:\windows\system32\drivers\92771921.sys [?]
S0 SMR200;Symantec SMR Utility Service 2.0.0;c:\windows\system32\drivers\smr200.sys --> c:\windows\system32\drivers\SMR200.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-7-10 91304]
S3 TIDHOOK;TIDHOOK;\??\c:\docume~1\richie\locals~1\temp\fx0btx03.tmp\tidhook.sys --> c:\docume~1\richie\locals~1\temp\fx0btx03.tmp\tidhook.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-16 19:41:01 -------- d-----w- C:\Webshots Data
2011-07-12 00:55:03 -------- d-----w- c:\program files\common files\Akamai
2011-07-12 00:27:53 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-07-12 00:27:52 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
2011-07-12 00:27:52 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2011-07-12 00:27:11 970752 ----a-r- c:\windows\system32\hpotiop5.dll
2011-07-12 00:27:11 729088 ----a-r- c:\windows\system32\hpowiax5.dll
2011-07-12 00:27:11 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2011-07-12 00:27:11 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-07-12 00:27:11 303104 ----a-r- c:\windows\system32\hpovst12.dll
2011-07-12 00:27:09 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-07-12 00:27:09 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-07-12 00:18:48 -------- d-----w- c:\program files\common files\HP
2011-07-12 00:02:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-12 00:02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 00:02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-12 00:01:56 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2011-07-12 00:01:56 -------- d-----w- c:\program files\dvd43
2011-07-11 23:40:54 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-07-11 23:40:54 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-07-11 23:40:54 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-07-11 23:40:40 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-07-11 23:40:40 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-07-11 23:40:40 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-11 23:40:40 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-07-11 23:40:40 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-07-11 23:40:40 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-07-11 23:40:40 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-07-11 23:40:40 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-07-11 23:30:50 -------- d-----w- c:\documents and settings\all users\application data\PCPitstopDat
2011-07-11 23:23:00 -------- d-----w- c:\documents and settings\richie\application data\Free Download Manager
2011-07-11 04:08:58 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-07-11 02:20:49 -------- d-----w- c:\documents and settings\richie\local settings\application data\VS Revo Group
2011-07-11 00:34:08 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-11 00:34:07 -------- d-----w- c:\program files\VS Revo Group
2011-07-11 00:00:57 -------- d-----w- c:\windows\pss
2011-07-10 23:08:22 -------- d-----w- C:\DVR112D
2011-07-10 22:52:25 -------- d-----w- c:\documents and settings\richie\application data\3v
2011-07-10 22:51:43 -------- d-----w- c:\documents and settings\richie\application data\GameBox
2011-07-10 22:51:42 -------- d-----w- c:\documents and settings\richie\local settings\application data\antiphishing-radarsync1_0dn
2011-07-10 22:51:40 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2011-07-10 22:42:51 -------- d-----w- c:\documents and settings\all users\Uniblue
2011-07-10 22:42:48 -------- d-----w- c:\documents and settings\richie\application data\Uniblue
2011-07-10 22:42:41 -------- d-----w- c:\program files\Uniblue
2011-07-10 22:37:03 -------- d-----w- c:\program files\PCPitstop
2011-07-10 22:37:03 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
2011-07-10 22:31:36 -------- d-----w- c:\program files\Defraggler
2011-07-10 22:27:46 -------- d-----w- c:\program files\FileHippo.com
2011-07-10 22:14:55 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-07-10 14:18:53 -------- d-----w- c:\documents and settings\richie\local settings\application data\NPE
2011-07-10 04:29:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-10 04:29:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-10 03:38:57 -------- d-----w- c:\documents and settings\richie\application data\Tific
2011-07-10 03:38:55 -------- d-----w- c:\documents and settings\richie\local settings\application data\Symantec
2011-07-10 02:52:30 -------- d-----w- c:\program files\File Type Assistant
2011-07-10 02:19:49 -------- d-----w- c:\documents and settings\richie\application data\GetRightToGo
2011-07-10 01:34:32 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-07-09 19:36:34 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2011-07-09 19:35:08 -------- d-----w- c:\documents and settings\richie\local settings\application data\HP
2011-07-03 16:48:31 -------- d-----w- c:\documents and settings\all users\application data\1Click DVDTOIPOD
2011-07-02 06:46:25 -------- d-----w- c:\program files\LG Software Innovations
.
==================== Find3M ====================
.
2011-07-10 17:32:21 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-06-06 19:55:34 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55:32 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 18:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 18:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-09 22:58:11 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-09 22:58:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-04 14:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 12:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:36:53.85 ===============

Re: Infected Rebooting very slow

Post by askey127 » July 24th, 2011, 6:47 am

Hi kauhikoa, and welcome to Malware Removal.
Before We Start, Some Notes On This Process
During this repair, we may need to remove some obsolete programs, and some which interfere with our tools.
We will install replacements later.
Please do not install or uninstall any programs, or scan with anything, unless I ask, until we are through cleaning.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127

Re: Infected Rebooting very slow

Post by kauhikoa » July 24th, 2011, 5:13 pm

Hi askey127,

Thanks so much for your help.
This is the OTL.Txt
followed by the Extras.Txt


OTL logfile created on: 7/24/2011 11:00:35 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Richie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.77% Memory free
4.84 Gb Paging File | 3.95 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 205.11 Gb Free Space | 88.07% Space Free | Partition Type: NTFS
Drive I: | 2.24 Gb Total Space | 2.23 Gb Free Space | 99.29% Space Free | Partition Type: NTFS
Drive J: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 230.64 Gb Total Space | 206.02 Gb Free Space | 89.33% Space Free | Partition Type: NTFS

Computer Name: STRATOSPHERE | User Name: Richie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 10:56:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
PRC - [2011/07/11 04:08:32 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/06/30 05:01:40 | 003,597,520 | ---- | M] (PC Pitstop, LLC) -- C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
PRC - [2011/06/06 09:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/04/22 16:51:04 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
PRC - [2011/04/16 14:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/31 12:29:20 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/07/27 00:01:58 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7619\Webshots.scr
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/16 22:57:52 | 000,187,904 | ---- | M] (Realtime Soft) -- C:\Program Files\Zenview Manager\UltraMon.exe
PRC - [2005/08/16 22:57:52 | 000,147,456 | ---- | M] (Realtime Soft) -- C:\Program Files\Zenview Manager\UltraMonTaskbar.exe
PRC - [2005/07/25 09:05:44 | 001,896,448 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe


========== Modules (SafeList) ==========

MOD - [2011/07/24 10:56:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
MOD - [2011/04/28 14:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2011/01/31 12:29:20 | 000,384,168 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
MOD - [2010/08/23 06:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 21:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/11 21:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll
MOD - [2005/08/16 22:57:52 | 000,166,400 | ---- | M] (Realtime Soft) -- C:\Program Files\Zenview Manager\RTSUltraMonHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Brother XP spl Service)
SRV - [2011/06/23 00:33:58 | 003,435,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/04/22 16:51:54 | 000,091,304 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2011/04/16 14:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/19 09:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 14:41:18 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110724.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 14:41:18 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110724.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 14:14:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 14:14:58 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 12:58:11 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 17:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 17:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 14:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 16:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 20:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 19:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/03/12 12:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/12 11:59:06 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2005/08/16 22:57:52 | 000,010,496 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2005/08/16 22:57:52 | 000,003,328 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
DRV - [2004/12/22 14:51:06 | 000,018,090 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iMON_PAD.sys -- (SGIR)
DRV - [2003/09/17 09:06:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gbt.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-1957994488-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-1957994488-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/07/08 11:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011/07/21 15:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/14 06:08:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/02/28 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1957994488-436374069-839522115-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1957994488-436374069-839522115-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Zenview Manager] C:\Program Files\Zenview Manager\UltraMon.exe (Realtime Soft)
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [Download Nitro] C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [DriverScanner] File not found
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [SearchEngineProtection] File not found
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [Steam] File not found
O4 - HKU\S-1-5-21-1957994488-436374069-839522115-1003..\Run: [vProt] File not found
O4 - Startup: C:\Documents and Settings\Richie\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Richie\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8585202328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8641333703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/31 17:02:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/31 13:01:11 | 000,000,000 | R--D | M] - J:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 13:01:28 | 001,101,824 | R--- | M] () - J:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 17:15:46 | 000,000,027 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 17:15:25 | 000,001,214 | R--- | M] () - J:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2010/10/31 17:02:37 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ecc8568-e504-11df-b2f1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3ecc8568-e504-11df-b2f1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ecc8568-e504-11df-b2f1-806d6172696f}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2003/08/31 13:01:28 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/24 10:56:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
[2011/07/22 15:12:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richie\Recent
[2011/07/22 13:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/22 13:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/22 13:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/22 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/16 09:41:01 | 000,000,000 | ---D | C] -- C:\Webshots Data
[2011/07/13 10:55:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Richie\Desktop\dds.scr
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/07/11 14:55:19 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Richie\My Documents\AcrobatPro_10_Web_WWEFD.exe
[2011/07/11 14:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/07/11 14:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/07/11 14:27:53 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2011/07/11 14:27:52 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5ha.dll
[2011/07/11 14:27:11 | 000,970,752 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotiop5.dll
[2011/07/11 14:27:11 | 000,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax5.dll
[2011/07/11 14:27:11 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2011/07/11 14:27:11 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/07/11 14:27:11 | 000,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst12.dll
[2011/07/11 14:27:09 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/07/11 14:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/07/11 14:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/07/11 14:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/07/11 14:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/07/11 14:02:45 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/11 14:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/11 14:02:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/11 14:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/11 14:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43
[2011/07/11 14:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD43
[2011/07/11 13:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/07/11 13:40:40 | 013,000,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/07/11 13:40:40 | 005,210,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/07/11 13:40:40 | 002,770,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/07/11 13:40:40 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/07/11 13:40:40 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/07/11 13:40:40 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/07/11 13:40:40 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/07/11 13:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/07/11 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Free Download Manager
[2011/07/11 13:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
[2011/07/11 04:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AI RoboForm
[2011/07/10 18:08:58 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2011/07/10 18:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/07/10 16:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\VS Revo Group
[2011/07/10 14:42:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/07/10 14:41:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/10 14:39:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/10 14:34:08 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/07/10 14:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/07/10 14:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/07/10 14:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/10 13:28:32 | 000,568,900 | ---- | C] ( ) -- C:\Documents and Settings\Richie\Desktop\DVD43_4-6-0_Setup.exe
[2011/07/10 13:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Desktop\New Folder
[2011/07/10 13:08:22 | 000,000,000 | ---D | C] -- C:\DVR112D
[2011/07/10 12:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\3v
[2011/07/10 12:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\GameBox
[2011/07/10 12:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\antiphishing-radarsync1_0dn
[2011/07/10 12:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/07/10 12:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/07/10 12:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Uniblue
[2011/07/10 12:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/07/10 12:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/07/10 12:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2011/07/10 12:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/07/10 12:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/07/10 12:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/07/10 12:23:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Richie\Start Menu\Programs\Administrative Tools
[2011/07/10 11:30:59 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Richie\Desktop\FixTDSS.exe
[2011/07/10 11:22:23 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richie\Desktop\MBsetup.exe
[2011/07/10 11:22:17 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Richie\Desktop\tdsskiller.exe
[2011/07/10 04:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\NPE
[2011/07/10 03:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle ES2
[2011/07/09 17:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Tific
[2011/07/09 17:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\Symantec
[2011/07/09 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/07/09 16:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Desktop\Downloads
[2011/07/09 16:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\GetRightToGo
[2011/07/09 15:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/09 15:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Desktop\Adobe Acrobat X
[2011/07/09 10:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\My Scans
[2011/07/09 09:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\Margie
[2011/07/09 09:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/07/09 09:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\HP
[2011/07/03 06:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\1Click DVDTOIPOD
[2011/07/03 06:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2011/07/03 06:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1Click DVD Copy 5
[2011/07/01 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/24 10:56:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
[2011/07/24 10:24:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-436374069-839522115-1003UA.job
[2011/07/23 19:24:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-436374069-839522115-1003Core.job
[2011/07/22 15:05:53 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\Copy C to Z every Friday at 3pm.job
[2011/07/22 13:49:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/22 10:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/21 20:22:47 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Richie\Start Menu\Programs\Startup\Webshots.lnk
[2011/07/21 16:14:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/21 15:57:57 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/21 15:57:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/21 15:57:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 05:41:22 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Margie - Google Finance.lnk
[2011/07/14 15:24:42 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Google Chrome.lnk
[2011/07/14 15:24:42 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Richie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 06:08:40 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2011/07/14 05:20:06 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 10:55:03 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Richie\Desktop\dds.scr
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/07/11 17:52:49 | 000,029,496 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\margie test one.pdf
[2011/07/11 15:03:27 | 487,666,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Richie\My Documents\AcrobatPro_10_Web_WWEFD.exe
[2011/07/11 14:49:57 | 000,045,093 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\HP Installation Error - XP.hta
[2011/07/11 14:49:43 | 000,165,016 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2011/07/11 14:22:47 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2011/07/11 14:21:59 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/07/11 14:20:26 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/07/11 14:19:55 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/07/11 14:02:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 14:01:56 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\DVD43.lnk
[2011/07/11 13:41:14 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/11 13:41:14 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/11 13:41:12 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/11 13:40:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/07/11 13:21:31 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\PC Matic.lnk
[2011/07/11 03:50:52 | 000,002,075 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealTick.lnk
[2011/07/10 18:46:40 | 000,081,858 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/10 18:17:29 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/07/10 18:08:12 | 000,150,192 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\TweakUiPowertoySetup.exe
[2011/07/10 14:34:09 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/07/10 13:27:36 | 000,568,900 | ---- | M] ( ) -- C:\Documents and Settings\Richie\Desktop\DVD43_4-6-0_Setup.exe
[2011/07/10 12:31:36 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/07/10 12:27:47 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Update Checker.lnk
[2011/07/10 12:26:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/07/10 11:20:12 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\rkill.com
[2011/07/10 09:54:04 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/10 07:22:26 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Richie\Desktop\tdsskiller.exe
[2011/07/10 05:47:24 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Richie\Desktop\FixTDSS.exe
[2011/07/10 04:43:42 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richie\Desktop\MBsetup.exe
[2011/07/09 17:31:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richie\Ÿ9Ÿ9
[2011/07/09 09:36:27 | 000,165,034 | ---- | M] () -- C:\WINDOWS\hpoins21.dat.temp
[2011/07/08 09:40:50 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Richie - Google Finance.lnk
[2011/07/03 07:10:20 | 680,239,815 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\HAPPYTHANKYOUMOREPLEASE.mp4
[2011/07/03 06:12:54 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\1CLICK DVD COPY 5.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/22 13:49:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/11 17:52:49 | 000,029,496 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\margie test one.pdf
[2011/07/11 15:08:21 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011/07/11 15:08:21 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011/07/11 15:08:21 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2011/07/11 14:49:57 | 000,045,093 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\HP Installation Error - XP.hta
[2011/07/11 14:22:47 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2011/07/11 14:21:59 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/07/11 14:21:24 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/11 14:20:26 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/07/11 14:19:55 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/07/11 14:15:10 | 000,165,034 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011/07/11 14:15:10 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011/07/11 14:02:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 14:01:56 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\DVD43.lnk
[2011/07/11 13:40:54 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/11 13:40:54 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/11 13:40:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/11 13:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/07/11 13:40:40 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/07/11 13:40:40 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/07/11 13:21:31 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\PC Matic.lnk
[2011/07/10 18:10:04 | 000,150,192 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\TweakUiPowertoySetup.exe
[2011/07/10 18:08:58 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/07/10 17:57:09 | 000,081,858 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/10 17:36:15 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/10 17:36:15 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/07/10 14:34:09 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/07/10 12:42:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/10 12:31:36 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/07/10 12:27:46 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\Update Checker.lnk
[2011/07/10 12:26:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/07/10 11:22:07 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\rkill.com
[2011/07/09 17:31:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richie\Ÿ9Ÿ9
[2011/07/09 09:20:33 | 000,165,016 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/07/09 09:20:33 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2011/07/03 06:50:26 | 680,239,815 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\HAPPYTHANKYOUMOREPLEASE.mp4
[2011/07/03 06:12:54 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\1CLICK DVD COPY 5.lnk
[2011/03/17 06:46:14 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\C991D49171.dll
[2010/12/30 03:01:32 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/16 10:18:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/05 07:59:51 | 000,000,080 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/11/05 07:59:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2010/11/05 07:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2010/11/05 07:59:48 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/11/05 07:59:48 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/11/05 07:59:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/11/05 07:59:35 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/11/05 07:59:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/11/05 07:59:35 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/11/05 07:59:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/11/05 07:59:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2010/11/05 07:59:21 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/11/05 07:59:21 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2010/11/05 07:59:21 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/11/02 10:01:42 | 000,000,981 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/31 17:04:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 16:59:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/31 06:44:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/31 06:43:11 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/11 21:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 21:43:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 21:43:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 21:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 21:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 21:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 21:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 21:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 21:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 02:00:00 | 000,523,220 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 02:00:00 | 000,095,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 02:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/22 14:51:06 | 000,018,090 | ---- | C] () -- C:\WINDOWS\System32\drivers\iMON_PAD.sys

========== LOP Check ==========

[2011/07/10 05:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STRATOSPHERE.002\Application Data\FixTDSS
[2011/07/10 14:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STRATOSPHERE.002\Application Data\Uniblue
[2011/07/03 06:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy
[2011/07/01 20:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy pro
[2011/07/03 07:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2010/10/31 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/07/10 12:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2010/11/01 10:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2011/05/28 08:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/03/19 09:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/07/21 15:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/07/11 13:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/07/09 15:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/10/31 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/03/18 16:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/03 06:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/11/04 10:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/09 04:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AGI
[2011/07/10 12:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\3v
[2010/11/05 05:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\AGI
[2010/11/04 10:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\DVDVideoSoftIEHelpers
[2010/11/05 09:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\ElevatedDiagnostics
[2011/03/11 04:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/07/24 11:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Free Download Manager
[2011/07/10 12:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\GameBox
[2011/07/09 18:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\GetRightToGo
[2010/12/05 04:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\HandBrake
[2011/03/17 07:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Oberon Media
[2011/03/27 11:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\playitall
[2011/01/26 07:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\RoboForm
[2011/07/09 17:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Tific
[2011/07/10 12:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Uniblue
[2010/10/31 18:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Webshots
[2010/11/01 10:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Windows Desktop Search
[2010/12/25 11:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Windows Search
[2011/07/22 15:05:53 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\Copy C to Z every Friday at 3pm.job
[2011/07/21 15:57:57 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2011/07/21 15:57:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2

< End of report >

Extras.Txt begins here

OTL Extras logfile created on: 7/24/2011 11:00:35 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Richie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.77% Memory free
4.84 Gb Paging File | 3.95 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 205.11 Gb Free Space | 88.07% Space Free | Partition Type: NTFS
Drive I: | 2.24 Gb Total Space | 2.23 Gb Free Space | 99.29% Space Free | Partition Type: NTFS
Drive J: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 230.64 Gb Total Space | 206.02 Gb Free Space | 89.33% Space Free | Partition Type: NTFS

Computer Name: STRATOSPHERE | User Name: Richie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1957994488-436374069-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"K:\setup\HPZNUI01.EXE" = K:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\EA Games\Command and Conquer Generals\game.dat" = C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game -- ()
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat" = C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game -- ()
"C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Disabled:Steam
"C:\Program Files\Webshots\3.1.5.7619\Webshots.scr" = C:\Program Files\Webshots\3.1.5.7619\Webshots.scr:*:Enabled:Webshots Photo Manager -- (Webshots.com)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:Google Installer
"C:\Documents and Settings\Richie\My Documents\downloads\NPE.exe" = C:\Documents and Settings\Richie\My Documents\downloads\NPE.exe:*:Enabled:Norton Power Eraser -- (Symantec Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe
"J:\setup\HPZNUI01.EXE" = J:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5CCB8BF5-FF8B-4C15-BF36-6ABC67BAD248}" = RealTick
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9CDA9CA7-C5F0-4308-B160-6A477D900D6D}" = Zenview Manager
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel(R) Network Connections 14.6.7.0
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBFE5FBD-A7D9-4F74-88A1-2B042722F2DB}" = Intel(R) Desktop Control Center
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FBF9798F-F131-4364-BC51-36B65BC7621E}" = Casper 6.0
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.9.2.7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AF5EBAB19E0AC92AFFCF6BB01BC6113C68246F96" = Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)
"AI RoboForm" = AI RoboForm (All Users)
"Akamai" = Akamai NetSession Interface
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CCleaner" = CCleaner
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"DVD43_is1" = DVD43 v4.6.0
"FileHippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Gedpage" = Gedpage
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"Info Center_is1" = Info Center 1.0.0.5
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PC Matic_is1" = PC Matic 1.1.0.41
"PC Pitstop Download Nitro_is1" = PC Pitstop Download Nitro 1.5.0.0
"Picasa 3" = Picasa 3
"Shop for HP Supplies" = Shop for HP Supplies
"Speccy" = Speccy
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2011 9:50:23 PM | Computer Name = STRATOSPHERE | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2011 2:40:25 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2011 2:40:25 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 4/6/2011 2:40:25 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 4/6/2011 9:10:52 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2011 9:10:52 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23428781

Error - 4/6/2011 9:10:52 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23428781

Error - 4/6/2011 9:10:54 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2011 9:10:54 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23430734

Error - 4/6/2011 9:10:54 AM | Computer Name = STRATOSPHERE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23430734

[ System Events ]
Error - 7/16/2011 3:21:53 AM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1070

Error - 7/16/2011 3:21:53 AM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR200

Error - 7/16/2011 7:11:18 AM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/16/2011 7:25:16 AM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.

Error - 7/16/2011 7:25:16 AM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1070

Error - 7/16/2011 7:25:16 AM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR200

Error - 7/21/2011 10:00:19 PM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/21/2011 10:14:25 PM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.

Error - 7/21/2011 10:14:25 PM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1070

Error - 7/21/2011 10:14:25 PM | Computer Name = STRATOSPHERE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR200


< End of report >
kauhikoa
Active Member
 
Posts: 6
Joined: July 10th, 2011, 3:15 pm

Re: Infected Rebooting very slow

Post by askey127 » July 25th, 2011, 8:13 am

kauhikoa,
There isn't a lot visible right now.
Do you know if your processor (CPU) is a single core?
You may just have a startup overload.
We need to check carefully for a rootkit.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :Files
    C:\Documents and Settings\All Users\Uniblue
    C:\Documents and Settings\Richie\Application Data\Uniblue
    C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
    C:\Program Files\Uniblue
    C:\Documents and Settings\Administrator.STRATOSPHERE.002\Application Data\Uniblue
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • This time we don't need to post the new OTL log.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected Rebooting very slow

Post by kauhikoa » July 25th, 2011, 11:45 am

Hi askey127,

The CPU is Intel Core 2 Duo E6700 @ 2.66GHz
Conroe 65nm Technology

Ran the OTL fix, still 15 minute boot time...

Computer still taking 15 minutes to boot up. Something in the startup? I did uninstall RoboForm (which has caused other problems, and it's the first thing loaded in the tray after the 15 minute boot time lag).

Here are the TDSS scan results...no infections found

2011/07/25 05:31:41.0550 3424 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 05:31:43.0065 3424 ================================================================================
2011/07/25 05:31:43.0065 3424 SystemInfo:
2011/07/25 05:31:43.0065 3424
2011/07/25 05:31:43.0065 3424 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/25 05:31:43.0065 3424 Product type: Workstation
2011/07/25 05:31:43.0065 3424 ComputerName: STRATOSPHERE
2011/07/25 05:31:43.0065 3424 UserName: Richie
2011/07/25 05:31:43.0065 3424 Windows directory: C:\WINDOWS
2011/07/25 05:31:43.0065 3424 System windows directory: C:\WINDOWS
2011/07/25 05:31:43.0065 3424 Processor architecture: Intel x86
2011/07/25 05:31:43.0065 3424 Number of processors: 2
2011/07/25 05:31:43.0065 3424 Page size: 0x1000
2011/07/25 05:31:43.0065 3424 Boot type: Normal boot
2011/07/25 05:31:43.0065 3424 ================================================================================
2011/07/25 05:31:44.0237 3424 Initialize success
2011/07/25 05:31:47.0690 1732 ================================================================================
2011/07/25 05:31:47.0690 1732 Scan started
2011/07/25 05:31:47.0690 1732 Mode: Manual;
2011/07/25 05:31:47.0690 1732 ================================================================================
2011/07/25 05:31:55.0425 1732 ================================================================================
2011/07/25 05:31:55.0425 1732 Scan finished
2011/07/25 05:31:55.0425 1732 ================================================================================
2011/07/25 05:31:55.0425 0172 Detected object count: 0
2011/07/25 05:31:55.0425 0172 Actual detected object count: 0

Re: Infected Rebooting very slow

Post by kauhikoa » July 25th, 2011, 4:16 pm

Hi askey127,

Thank you so much for your help, I've decided to do a full reformat. I've backed up my important files. Time for a spring cleaning.
Continue helping others. Thanks again.

Re: Infected Rebooting very slow

Post by askey127 » July 25th, 2011, 4:57 pm

kauhikoa,
OK.
If you have adequate backups, that sometimes can actually be the most timesaving approach.
I would be careful which of your installed programs you allow to start up automatically.
The easiest way to control that is to use WinPatrol.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.
About startups:
If you right click the WinPatrol "Scotty Dog" icon in the system tray, and choose "Startup Info", you will see the list of everything that starts automatically on your machine.
If you highlight any one of them and choose "Disable", that program will no longer start automatically.
The program is still on the machine, and still retained in the list, but now listed as "Disabled".
If you change your mind, you can highlight the same program again and choose "Enable" so it will again start automatically.
In this way you can exercise complete control over how many programs start, and how loaded down your machine is.
Any program that has startup Disabled can still be used from Start, Programs.
Good Luck.
askey127

Re: Infected Rebooting very slow

Post by askey127 » July 29th, 2011, 7:08 am

Since it has been decided to solve this problem with a Reformat, this topic will be closed.