Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

slow running computer with weird email messages

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

slow running computer with weird email messages

Unread postby lverna » March 3rd, 2012, 5:19 pm

Hello

I have a slow running computer and I get 10-12 email messages that are written in Arabic. when I try to hit start|all programs it takes forever. changing from 1 window to the next is a problem. starting a program from the desktop takes a long time for it to load.
here are the ddr files you asked for
thanks!!!!!!!!!!!!!!!!!!!!
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/13/2008 7:18:01 PM
System Uptime: 3/3/2012 9:46:41 AM (3 hours ago)
.
Motherboard: FOXCONN | | A6VMX
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket 940 | 2300/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 11.779 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 116.762 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1240: 1/27/2012 9:00:29 AM - Software Distribution Service 3.0
RP1241: 1/27/2012 5:07:19 PM - Installed Connect Service
RP1242: 1/27/2012 10:46:17 PM - Software Distribution Service 3.0
RP1243: 1/28/2012 9:00:38 AM - Software Distribution Service 3.0
RP1244: 1/28/2012 10:42:14 PM - Software Distribution Service 3.0
RP1245: 1/29/2012 9:01:53 AM - Software Distribution Service 3.0
RP1246: 1/29/2012 11:03:31 PM - Software Distribution Service 3.0
RP1247: 1/30/2012 11:16:46 PM - Software Distribution Service 3.0
RP1248: 1/31/2012 11:18:17 PM - Software Distribution Service 3.0
RP1249: 2/1/2012 11:10:15 PM - Software Distribution Service 3.0
RP1250: 2/2/2012 10:49:02 PM - Software Distribution Service 3.0
RP1251: 2/3/2012 9:00:37 AM - Software Distribution Service 3.0
RP1252: 2/3/2012 10:54:32 PM - Software Distribution Service 3.0
RP1253: 2/4/2012 9:00:30 AM - Software Distribution Service 3.0
RP1254: 2/4/2012 10:22:22 PM - Software Distribution Service 3.0
RP1255: 2/5/2012 9:00:53 AM - Software Distribution Service 3.0
RP1256: 2/5/2012 10:42:58 PM - Software Distribution Service 3.0
RP1257: 2/6/2012 10:52:32 PM - Software Distribution Service 3.0
RP1258: 2/7/2012 3:39:20 AM - Software Distribution Service 3.0
RP1259: 2/7/2012 10:51:45 PM - Software Distribution Service 3.0
RP1260: 2/8/2012 11:09:19 PM - Software Distribution Service 3.0
RP1261: 2/9/2012 9:00:39 AM - Software Distribution Service 3.0
RP1262: 2/9/2012 11:05:20 PM - Software Distribution Service 3.0
RP1263: 2/10/2012 10:36:02 PM - Software Distribution Service 3.0
RP1264: 2/11/2012 10:37:12 PM - Software Distribution Service 3.0
RP1265: 2/12/2012 11:09:06 PM - Software Distribution Service 3.0
RP1266: 2/13/2012 10:57:13 PM - Software Distribution Service 3.0
RP1267: 2/14/2012 9:00:47 AM - Software Distribution Service 3.0
RP1268: 2/14/2012 10:54:45 PM - Software Distribution Service 3.0
RP1269: 2/15/2012 10:36:51 AM - Installed DeductionPro 2008
RP1270: 2/15/2012 10:43:42 AM - Installed DeductionPro 2008
RP1271: 2/16/2012 9:08:43 AM - Installed Windows XP KB2661637.
RP1272: 2/16/2012 9:43:07 AM - Installed Windows XP KB2647516.
RP1273: 2/16/2012 9:44:51 AM - Installed Windows XP KB2660465.
RP1274: 2/16/2012 10:56:21 PM - Software Distribution Service 3.0
RP1275: 2/17/2012 9:01:12 AM - Software Distribution Service 3.0
RP1276: 2/17/2012 11:10:01 PM - Software Distribution Service 3.0
RP1277: 2/18/2012 9:00:53 AM - Software Distribution Service 3.0
RP1278: 2/18/2012 10:42:16 AM - Software Distribution Service 3.0
RP1279: 2/19/2012 1:13:01 PM - Software Distribution Service 3.0
RP1280: 2/19/2012 11:00:35 PM - Software Distribution Service 3.0
RP1281: 2/20/2012 9:00:42 AM - Software Distribution Service 3.0
RP1282: 2/20/2012 11:08:58 PM - Software Distribution Service 3.0
RP1283: 2/21/2012 10:54:33 PM - Software Distribution Service 3.0
RP1284: 2/22/2012 10:56:15 PM - Software Distribution Service 3.0
RP1285: 2/23/2012 9:00:44 AM - Software Distribution Service 3.0
RP1286: 2/23/2012 10:52:38 PM - Software Distribution Service 3.0
RP1287: 2/25/2012 9:01:05 AM - Software Distribution Service 3.0
RP1288: 2/25/2012 11:16:11 PM - Software Distribution Service 3.0
RP1289: 2/26/2012 10:48:34 PM - Software Distribution Service 3.0
RP1290: 2/27/2012 10:58:47 PM - Software Distribution Service 3.0
RP1291: 2/28/2012 11:14:29 PM - Software Distribution Service 3.0
RP1292: 2/29/2012 10:48:25 PM - Software Distribution Service 3.0
RP1293: 3/1/2012 10:44:49 PM - Software Distribution Service 3.0
RP1294: 3/2/2012 11:05:10 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acronis True Image Home
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Bonjour
BwgBurn Version 0.7.3
Canon CanoScan 4400F User Registration
CanoScan 4400F
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2008
Doxillion Document Converter
DraftDominator Version 12.0e
Droppix Label Maker 2.9.1
DVD Architect Pro 5.0
Eraser 6.0.6.1376
FlipShare
Free CraigsList Reader Pro from CraigsPal 4.7.1
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Update
I.R.I.S. OCR
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 29
Kaspersky Internet Security 2011
LAME v3.98.2 for Audacity
LightScribe System Software
LightScribe Template Designs - Adventure
LightScribe Template Designs - Food-n-Family Pack 1
LightScribe Template Designs - Hobby Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Memories
LightScribe Template Designs - Seasonal Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Labeler
LineupDominator Version 7.0a Full
Malwarebytes Anti-Malware version 1.60.1.1000
MFL Import Version 1.0e
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.4
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
MixPad Audio Mixer
Move Media Player
Mozilla Firefox (3.6.9)
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird (2.0.0.24)
Mozilla Thunderbird 10.0.2 (x86 en-US)
MP3PowerEncoder
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NewBlue VideoFX MSP
Nikon File Uploader 2
Nikon Message Center 2
Notebook Software
Octoshape add-in for Adobe Flash Player
ooVoo
OpenOffice.org 3.1
Opera 11.61
Palm Desktop
Picture Control Utility
PowerDVD
Presto! PageManager 7.15.14
Prism Video File Converter
Projections Dominator Version 6.0g
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Reasonable NoClone 2010 Home
Rhapsody Player Engine
Safari
SAFARI Montage Media Player
Sansa Updater
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB951376-v2)
Skins
Skype™ 5.3
SMART Product Update
SmartSound Quicktracks Plugin
Snapfish PictureMover
Soft-Central SC-DiskInfo
Sony DVD Architect Studio 4.5
Sony Vegas Movie Studio Platinum 8.0
SyncToy 2.1 (x86)
TradeDominator version 7.0a
Ulead DVD DiskRecorder 2.1.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB971029)
USB Driver for Panasonic DVC
VC 9.0 Runtime
ViewNX 2
WavePad Sound Editor
WD SmartWare
WebCam Driver for Panasonic DVC
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2009
WinZip 11.2
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/3/2012 10:02:00 AM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:05:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/2/2012 7:05:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
3/2/2012 7:05:00 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2012 7:04:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/1/2012 7:10:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/1/2012 7:10:01 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2012 7:09:59 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
2/28/2012 9:34:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
2/28/2012 9:34:24 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2012 9:34:16 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/28/2012 9:28:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/28/2012 9:28:07 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2012 9:06:07 AM, error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
2/28/2012 11:37:24 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.
2/27/2012 7:23:24 PM, error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/27/2012 11:29:19 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2584052).
2/27/2012 11:11:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2596954).
2/27/2012 11:01:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2596520).
2/27/2012 11:00:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2003 (KB2553084).
2/27/2012 11:00:07 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597968).
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 12:53:28 on 2012-03-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.611 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\thunderbird.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "F:\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picturemover\PictureMover.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{510CAC91-7FA0-4823-A643-02FCA120278D} : DhcpNameServer = 208.59.247.45 208.59.247.46
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {969B3B70-8765-11D5-9809-0050BACBF861} - rundll32.exe advpack.dll,LaunchINFSection c:\program files\cyberlink\mp3powerencoder\Cyber.inf,PerUserStub
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\765qpy9l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: f:\bin\nppdf.dll
FF - plugin: f:\bin\nppdf.dll
FF - plugin: f:\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-3-16 911680]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-6 475736]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-3-16 2480048]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-19 652360]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-3-16 160288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-19 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-4 136176]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
S3 Droppix Service;Droppix Service;c:\program files\common files\droppix\DxService.exe [2008-7-7 135168]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-4 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-2 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-03-02 21:13:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-16 12:57:11 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 12:57:11 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-24 13:17:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:55:09.03 ===============
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm
Advertisement
Register to Remove

Re: slow running computer with weird email messages

Unread postby troy3636 » March 5th, 2012, 3:38 pm

Hello lverna,


Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started
  1. If you have not already done so Please read these forum rules.
  2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  3. Any fixes I may post will be specific to your computer and should not be used on other computers.
  4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
  5. If at any time my instructions are not clear please ask before proceeding.
  6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

I am currently analysing your logs and will return with further instructions when finished. Please be patient this may take some time, especially the first response.
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: slow running computer with weird email messages

Unread postby lverna » March 5th, 2012, 5:46 pm

thanks, look forward to hearing from you
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby troy3636 » March 7th, 2012, 9:05 am

Hi lverna,

Step 1
Back up registry with ERUNT
  1. Please download ERUNT by Lars Hederer and save it to your desktop. alternate download
  2. Double click erunt-setup-exe and follow the prompts to install ERUNT using the default settings.
  3. When asked if you want to add ERUNT to the Start-up folder select NO
  4. Make sure the box marked launch ERUNT is checked and click Finish
  5. Follow the prompts to create a backup to the default location.
  6. under backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  7. When you see a pop up message saying Registry backup is complete! click OK to finish. If you do not see this message DO NOT continue let me know.

Step 2
Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 29
Mozilla Firefox (3.6.9)
Mozilla Thunderbird (2.0.0.24)
Coupon Printer for Windows
The outdated Java and Mozilla programs are vulnerable to infection. We will update them when we are finished cleaning.
Coupon Printer for Windows is an undesirable program. See this article for details.


Step 3
TFC (Temp File Cleaner)
  1. Please download TFC.exe...by Old Timer. Save it to your desktop.
    Print these instructions. Save any unsaved work. TFC will close ALL open programs... including your browser and your desktop!
  2. Double click on TFC.exe to run it.
    TFC will begin cleaning up the "temp" files... it may take only a few seconds or it could be several minutes, depending on the number of temp files found.
  3. If prompted to reboot... click Yes.

If TFC prompts you to reboot, please do so before proceeding to any other steps or other use of your computer.


Step 4
Malwarebytes' Anti-Malware

  1. Please start MBAM (Malwarebytes' Anti-Malware).
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
  3. Run a Quick scan
  4. When the scan finishes...Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  5. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log in your next reply.


Step 5
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply
  • Malwarebytes log
  • OTL.txt
  • Extras.txt
  • how is your computer behaving now?

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: slow running computer with weird email messages

Unread postby lverna » March 7th, 2012, 7:07 pm

troy I did step 1 but for step 2:

1) I can't find java auto updater in the list and

2) windows won't let me uninstall thunderbird 2.0
suggestions?
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby troy3636 » March 8th, 2012, 8:58 am

Hi lverna,

Please skip uninstalling Java Auto Updater and Mozilla Thunderbird (2.0.0.24) for now and proceed with steps 3,4,and 5.
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: slow running computer with weird email messages

Unread postby lverna » March 8th, 2012, 7:36 pm

Hi troy

i tried step 3. I downloaded tfc but it won't scan. it hung there doing nothing for about 2 hours.. I restarted the computer after I downloaded and installed it and that didn't help. fun, fun, fun

thanks
luke
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby troy3636 » March 9th, 2012, 1:04 pm

Hi Luke,

We'll skip TFC for now.

Step 1
Malwarebytes' Anti-Malware

  1. Please start MBAM (Malwarebytes' Anti-Malware).
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
  3. Run a Quick scan
  4. When the scan finishes...Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  5. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log in your next reply.


Step 2
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply
  • Malwarebytes log
  • OTL.txt
  • Extras.txt
  • How is your computer behaving now?

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: slow running computer with weird email messages

Unread postby lverna » March 10th, 2012, 12:41 am

troy
mbam ran okay but otl will not scan correctly. it hangs where it says (at the bottom) scanning modules.

i restarted the computer and I had kaspersky shut off when i ran it and otl still hung

thanks
luke
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby troy3636 » March 10th, 2012, 2:19 pm

Hi Luke,

Let's try OTL in Safe mode.

Step 1
Boot into Safe Mode

Note: You will not have internet access while in safe mode.

  1. Shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key.
  4. When the Windows Advanced Options Menu appears ensure that the Safe Mode option is selected.
  5. Press Enter. Your computer will then start in Safe mode.
  6. Login on your usual account.
    Note: If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.


Step 2
OTL

  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Save both files to your desktop.
  6. Restart your computer normally.
  7. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



Step 3
Malwarebytes' Anti-Malware

  1. Please start MBAM (Malwarebytes' Anti-Malware).
  2. Press the LOG... tab. Locate the most recent log file.
    Please copy and paste the most recent log in your next reply.


Please include in your next reply
  • Malwarebytes log
  • OTL.txt
  • Extras.txt
  • How is your computer behaving now?

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: slow running computer with weird email messages

Unread postby lverna » March 10th, 2012, 10:59 pm

2012/03/09 09:30:58 -0500 PC01 Owner MESSAGE Starting protection
2012/03/09 09:31:27 -0500 PC01 Owner MESSAGE Protection started successfully
2012/03/09 09:31:30 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 09:33:36 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 09:33:37 -0500 PC01 Owner MESSAGE Executing scheduled update: Daily
2012/03/09 09:34:40 -0500 PC01 Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.03.07.02 to version v2012.03.09.04
2012/03/09 09:34:40 -0500 PC01 Owner MESSAGE Starting database refresh
2012/03/09 09:34:42 -0500 PC01 Owner MESSAGE Stopping IP protection
2012/03/09 09:34:42 -0500 PC01 Owner MESSAGE IP Protection stopped
2012/03/09 09:34:51 -0500 PC01 Owner MESSAGE Database refreshed successfully
2012/03/09 09:34:51 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 09:34:58 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 10:06:35 -0500 PC01 Owner MESSAGE Starting protection
2012/03/09 10:07:07 -0500 PC01 Owner MESSAGE Protection started successfully
2012/03/09 10:07:10 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 10:09:51 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 10:34:22 -0500 PC01 MESSAGE Starting protection
2012/03/09 10:34:59 -0500 PC01 Owner MESSAGE Protection started successfully
2012/03/09 10:35:03 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 10:37:25 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 11:07:17 -0500 PC01 MESSAGE Starting protection
2012/03/09 11:07:58 -0500 PC01 Owner MESSAGE Protection started successfully
2012/03/09 11:08:01 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 11:10:25 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 12:11:43 -0500 PC01 Owner MESSAGE Starting protection
2012/03/09 12:14:34 -0500 PC01 Owner MESSAGE Protection started successfully
2012/03/09 12:14:37 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 12:15:05 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 15:33:57 -0500 PC01 Owner MESSAGE Starting protection
2012/03/09 15:37:49 -0500 PC01 Owner MESSAGE Protection started successfully
2012/03/09 15:37:52 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 15:40:01 -0500 PC01 Owner MESSAGE IP Protection started successfully
2012/03/09 18:20:02 -0500 PC01 Owner MESSAGE Starting database refresh
2012/03/09 18:20:08 -0500 PC01 Owner MESSAGE Stopping IP protection
2012/03/09 18:20:08 -0500 PC01 Owner MESSAGE IP Protection stopped
2012/03/09 18:21:35 -0500 PC01 Owner MESSAGE Database refreshed successfully
2012/03/09 18:21:35 -0500 PC01 Owner MESSAGE Starting IP protection
2012/03/09 18:21:44 -0500 PC01 Owner MESSAGE IP Protection started successfully


OTL logfile created on: 3/10/2012 8:34:05 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 86.03% Memory free
3.72 Gb Paging File | 3.66 Gb Available in Paging File | 98.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 11.37 Gb Free Space | 29.71% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 116.28 Gb Free Space | 49.93% Space Free | Partition Type: NTFS

Computer Name: PC01 | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 21:23:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/09/14 13:27:45 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/16 17:38:41 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/09/28 14:31:44 | 000,135,168 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FXDrv32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/08 10:48:05 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/03/16 17:38:46 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/03/16 17:38:33 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/03/16 17:38:30 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/03/16 17:38:11 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/15 19:12:01 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 23:11:02 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2007/08/10 00:52:44 | 004,603,904 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/26 20:58:17 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/05/31 02:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/09/29 12:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 09:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 07:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 08:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8 ... 2_0yach&q={searchTerms}
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7_____en
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: F:\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/06 08:08:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla Firefox\components [2012/03/07 18:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla Firefox\plugins [2012/03/07 18:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: F:\components [2011/12/18 09:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: F:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/09/06 08:08:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/06 08:44:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/07/05 20:58:43 | 000,000,000 | ---D | M]

[2010/04/18 06:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/18 06:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/02 17:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\765qpy9l.default\extensions
[2010/05/06 21:46:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\765qpy9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 09:20:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\765qpy9l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/02 17:17:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\765qpy9l.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/07 17:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 06:20:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 08:58:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/14 07:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 15:23:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 11:09:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/11/11 19:01:37 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2010/09/06 08:45:30 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/09/06 08:45:28 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/07/05 20:58:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\765QPY9L.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/06/01 12:16:20 | 001,683,456 | ---- | M] (Library Video Company) -- C:\Program Files\mozilla firefox\plugins\npSAFARIMontagePlayer.dll

========== Chrome ==========


O1 HOSTS File: ([2011/10/15 14:08:24 | 000,625,909 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16591 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [iTunesHelper] F:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-299502267-2025429265-725345543-1003..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{510CAC91-7FA0-4823-A643-02FCA120278D}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/04 16:58:10 | 000,002,623 | ---- | M] () - F:\autofill.conf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{64c9c1fc-23a7-11dd-8f8e-806d6172696f}\bootwiz\asrm.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 21:23:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/08 15:56:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2012/03/07 17:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/07 17:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/07 17:06:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/03/03 12:48:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/03/03 12:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 20:32:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/10 19:08:13 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/10 19:01:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 21:23:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/09 11:08:17 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/03/08 15:56:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2012/03/08 15:38:01 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003 (2).lnk
[2012/03/07 17:07:40 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2012/03/07 17:07:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/03/07 17:06:03 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/03/05 20:36:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2012/03/05 13:36:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/04 15:31:48 | 000,001,119 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/04 15:31:43 | 000,001,119 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/03 12:16:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/03 12:08:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/03/02 18:39:38 | 000,000,072 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/03/02 18:19:24 | 000,000,326 | ---- | M] () -- C:\WINDOWS\KA.INI
[2012/03/02 16:00:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 20:26:01 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 09:19:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/24 19:59:47 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2012/02/21 20:38:48 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SyncToy 2.1.lnk
[2012/02/21 16:58:05 | 000,197,850 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Scan0004.pdf
[2012/02/17 23:21:23 | 000,465,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 23:21:23 | 000,079,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 10:23:01 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 10:44:40 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2008.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 17:07:40 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2012/03/07 17:07:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/03/03 12:15:14 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/02 18:19:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/02 16:00:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 16:58:05 | 000,197,850 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Scan0004.pdf
[2012/02/16 07:57:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 07:57:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 10:44:40 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2008.lnk
[2011/12/12 20:45:29 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\cdr.ini
[2011/12/02 19:08:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/12/02 18:53:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Textures
[2011/12/02 18:53:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Templates
[2011/12/02 18:53:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Techno Kit
[2011/12/02 18:53:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\SystemConfiguration
[2011/12/02 18:53:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\System Image Utility
[2011/12/02 18:53:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Synth Textures
[2011/12/02 18:53:58 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/12/02 18:53:58 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/12/02 18:53:57 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/05/10 21:43:29 | 000,148,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/23 18:25:31 | 000,000,098 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/09/06 08:45:15 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/06 08:45:15 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/22 21:54:22 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\rtsr_eml_sr.dat
[2010/06/22 08:46:52 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\asdict.dat
[2010/06/22 08:45:49 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\antispam.xml
[2010/06/22 08:45:49 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\asbw.xml

< End of report >

OTL Extras logfile created on: 3/10/2012 8:34:05 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 86.03% Memory free
3.72 Gb Paging File | 3.66 Gb Available in Paging File | 98.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 11.37 Gb Free Space | 29.71% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 116.28 Gb Free Space | 49.93% Space Free | Partition Type: NTFS

Computer Name: PC01 | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"24726:TCP" = 24726:TCP:*:Enabled:FlipShareServer
"24727:TCP" = 24727:TCP:*:Enabled:FlipShareServer

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\SMART Technologies\SMART Board Drivers\UCService.exe" = F:\SMART Technologies\SMART Board Drivers\UCService.exe:*:Enabled:SMART SNMPAgent
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"F:\iTunes.exe" = F:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05E7B5BE-6E53-EBE9-E51F-B0513239B093}" = Catalyst Control Center Graphics Previews Common
"{0AAC0AF2-8F53-4B3C-A050-AEDC827EA1CC}" = SMART Product Update
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{136CFE1A-8B61-36A5-1071-FD4C6DCE6820}" = ccc-utility
"{16A7373C-4B50-7314-61DD-331A4AECD571}" = CCC Help English
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18BBB04A-73CC-4735-855C-7DD9F5736703}" = Reasonable NoClone 2010 Home
"{1ADABB42-F098-0778-BC92-D66B3C5ED538}" = Catalyst Control Center Graphics Full Existing
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23199BD2-AFD7-450E-ADC8-3E16132F17A2}" = HP Officejet 6500 E710n-z Basic Device Software
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3392F26F-0D1D-451F-8527-4820D1960235}" = Sony DVD Architect Studio 4.5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43BF39DA-7C73-C00F-D5AF-775D1EC73EF3}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4DBCFDD9-2C48-7DD4-4FBE-082E457943B5}" = ccc-core-preinstall
"{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
"{5534D076-81B6-209F-119B-1A792D380C21}" = Catalyst Control Center Graphics Full New
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C86E6C3-BDEC-EA73-984A-DB5A30724EF9}" = Catalyst Control Center Core Implementation
"{5C98A4FE-1F42-4F02-B738-F32886AE5467}" = Notebook Software
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{64BFAD18-CE72-152A-AA9A-8C2AC170DC9E}" = Catalyst Control Center Graphics Light
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BD97765-3ABB-4025-8F71-FAF86E57DD35}" = LightScribe Template Designs - Memories
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725F0ABA-808A-4256-885C-1E60245521D0}" = LightScribe Template Designs - Sports Pack 1
"{761287B5-8125-489C-868C-ADC9EFD3AD51}" = SAFARI Montage Media Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D16FEF-F66A-4DF3-AE01-DF0AE3E3BA45}" = LightScribe Template Designs - Hobby Pack 1
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B01A13-F78F-4281-9224-C96FB3530A2C}" = LightScribe Template Designs - Seasonal Pack 1
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969B3B70-8765-11D5-9809-0050BACBF861}" = MP3PowerEncoder
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF138729-87C7-4da4-8414-2E3B70C74D87}" = Snapfish PictureMover
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B06EFB5F-FDDC-4DA3-BE5C-3E2A72D5BEAE}" = LightScribe Template Designs - Food-n-Family Pack 1
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{B8E8C8EC-5C22-4B02-9C02-D851262F574C}" = Sony Vegas Movie Studio Platinum 8.0
"{B9CCF960-132F-453A-8FE7-CDDB42AEEEBF}" = BwgBurn Version 0.7.3
"{BA20221E-4D27-8DFA-14C2-D673CEB1C888}" = ccc-core-static
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC14E9A8-E41F-4345-BAB3-2EC6CC315085}" = Eraser 6.0.6.1376
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCD923D6-D4D7-472A-96A3-A37439B50891}" = Free CraigsList Reader Pro from CraigsPal 4.7.1
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E3F1F5-1ACC-4B50-B6FC-F8DDBD5040B0}" = LightScribe Template Designs - Adventure
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Canon CanoScan 4400F User Registration" = Canon CanoScan 4400F User Registration
"CCleaner" = CCleaner
"Doxillion" = Doxillion Document Converter
"DraftDominator_is1" = DraftDominator Version 12.0e
"Droppix Label Maker_is1" = Droppix Label Maker 2.9.1
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"InstallShield_{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LineupDominator_is1" = LineupDominator Version 7.0a Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MFL Import_is1" = MFL Import Version 1.0e
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NewBlue VideoFX MSP" = NewBlue VideoFX MSP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.61.1250" = Opera 11.61
"Prism" = Prism Video File Converter
"Projections Dominator_is1" = Projections Dominator Version 6.0g
"Soft-Central SC-DiskInfo" = Soft-Central SC-DiskInfo
"TradeDominator_is1" = TradeDominator version 7.0a
"WavePad" = WavePad Sound Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 7:59:52 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1625031

Error - 3/10/2012 7:59:54 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2012 7:59:54 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1626984

Error - 3/10/2012 7:59:54 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1626984

Error - 3/10/2012 7:59:56 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2012 7:59:56 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1628937

Error - 3/10/2012 7:59:56 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1628937

Error - 3/10/2012 7:59:58 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2012 7:59:58 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1630890

Error - 3/10/2012 7:59:58 PM | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1630890

[ System Events ]
Error - 3/10/2012 1:25:18 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.

Error - 3/10/2012 1:31:33 PM | Computer Name = PC01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 3/10/2012 1:31:33 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 3/10/2012 1:31:33 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 3/10/2012 1:31:44 PM | Computer Name = PC01 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 3/10/2012 3:44:29 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.

Error - 3/10/2012 3:45:23 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/10/2012 3:45:23 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/10/2012 4:34:44 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.

Error - 3/10/2012 4:57:12 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.


< End of report >

the computer has been locking up the last 24 hrs and all i can do is hit the restart button on the computer tower. I am replying to you from my laptop that is NOT having issues. I got an unresponsive script error message when I clicked on a link in an email that (ironically) was meant to take me to this site to respond to you. so the computer is behaving very badly lately. worse than when i originally contacted you.

thanks
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby troy3636 » March 13th, 2012, 8:05 am

Hi Luke,

I apologize for the delay.

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: slow running computer with weird email messages

Unread postby lverna » March 13th, 2012, 6:12 pm

troy, i took the computer to a pro and he is fixing it...thanks for your time!!

ill donate soon
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby lverna » March 13th, 2012, 6:25 pm

I had some hard drive issues I needed fixed besides the locking up issue
lverna
Regular Member
 
Posts: 24
Joined: August 19th, 2009, 9:40 pm

Re: slow running computer with weird email messages

Unread postby troy3636 » March 14th, 2012, 2:49 pm

Hi Luke,

thanks for your time!!
You're welcome.

Thanks for replying back and letting me know.

As you have the situation under control I will ask for this topic to be closed.

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 66 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware