Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer running very slowly ..think i have a virus

Post by painter12 » February 19th, 2012, 1:23 pm

Tried to run the dll logs and the computer would not let it run!... so downloaded HijackThis instead

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
CameraHelperMsi
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Getting Started Guide
Dell Support Center
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DING!
EDocs
erLT
Evernote v. 4.1
Garmin City Navigator North America NT 2009 Update
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 11.0
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 3.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
Intel(R) Rapid Storage Technology
iTunes
Java(TM) 6 Update 5
Kaspersky Anti-Virus 2011
Kaspersky Anti-Virus 2011
LG USB Modem driver
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
NetWaiting
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Photo Viewer 2.3
PrintMaster Platinum 18
Product Documentation Launcher
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shop for HP Supplies
Spelling Dictionaries Support For Adobe Reader 9
The Interactive e-Book of The Beneficiary Book Version 2.0
The Print Shop Premier Edition 5.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx Support Manager for Internet Explorer

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:37 PM, on 2/19/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: I5????, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)

--
End of file - 7093 bytes
painter12
Active Member
 
Posts: 9
Joined: February 19th, 2012, 12:32 pm

Re: Computer running very slowly ..think i have a virus

Post by mambass » February 20th, 2012, 11:43 am

Hi painter12, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your log and will return as soon as possible with additional instructions.

Thanks,

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Computer running very slowly ..think i have a virus

Post by mambass » February 20th, 2012, 4:19 pm

Hi painter12, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Download and Run Rkill
    1. Please download and run the tool named Rkill, which may help in allowing other programs to run.
      There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
      You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shut down your antivirus.
      Please download Rkill from one of the following links and save to your Desktop:
      Rkill.exe
      RKill.com
      RKill.scr
    2. Right-click on the Rkill desktop icon and select Run As Administrator to run the tool.
    3. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    4. A Notepad window will open, please post the contents in your next reply. This log can also be found at C:\rkill.log
      • If the notepad window doesn't open, repeat the process and attempt to use one of the remaining links until the tool runs.
    5. Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know.
    6. Please leave Rkill on the Desktop until otherwise advised.

  2. Run a Scan with OTL
    1. Click here to download OTL.exe by Old Timer and save it to your Desktop.
    2. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    3. Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    4. Make sure all other windows are closed so that it can run uninterrupted.
    5. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    6. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    7. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

  3. Scan your system using GMER

    IMPORTANT: These types of scans can produce false positives. DO NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

    1. Click here to download GMER by GMER and save it to your Desktop. The program will be saved using a random filename such as a123bc4d.exe but the program's icon will appear as [image].
    2. Close all applications (including this browser).
      • Note: Do not run any other applications while GMER is running.
    3. Right-click the GMER icon on your desktop and select Run As Administrator to run the program.
    4. Click NO if GMER displays a warning about rootkit activity and asks if you want to run a scan.
    5. Uncheck (untick) the following items in the right panel of the GMER window:
      • IAT/EAT
      • Drives/Partition other than the System drive (which is typically C:\)
      • Show all <<< make sure this one is unchecked (unticked)

    6. Click the Scan button.
      • The scan may take a while to run so please be patient.
      • Remember not to run any other application while the GMER scan is running.
      • While running, the Scan button that you clicked to begin the scan will be relabeled Stop. This button will be relabeled back to Scan upon completion of the scan.
      • Wait for the scan to complete.
    7. Click the Save… button and then type "Gmer.txt" in the filename area (include the quotation marks in the filename) and save the file to your Desktop.
    8. Close the GMER window.
    9. Include the contents of the Gmer.txt log in your reply.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the rkill.log report.
  3. The contents of the OTL.txt and Extras.txt logs.
  4. The contents of the Gmer.txt log.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Computer running very slowly ..think i have a virus

Post by painter12 » February 20th, 2012, 8:01 pm

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/20/2012 at 18:14:46.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe


Rkill completed on 02/20/2012 at 18:18:46.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-20 18:58:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10
Running: 2twhc2hx.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugloapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----

Tried to run the scan OTL several times and it would stop and say not responding when it got to scanning modules...it would go on for about 25 minutes then say not responding.....please advise...thanks so much!
painter12
Active Member
 
Posts: 9
Joined: February 19th, 2012, 12:32 pm

Re: Computer running very slowly ..think i have a virus

Post by mambass » February 21st, 2012, 9:04 am

Hi painter12, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Download aswMBR
    1. Click here to download aswMBR.exe and save it to your Desktop.
    2. Do not run the program at this time.

  2. Disable Kaspersky Anti-Virus 2011
    We're going to disable Kaspersky Anti-Virus for the next two scans. Be sure to re-enable it as directed below before opening a browser window.
    1. Close all windows/applications including all browser windows.
    2. Right-click the Kaspersky icon in your system tray near the clock and select the Pause protection… option.
    3. In the Pause protection window, select the option similar to "Protection will only be enabled when you decide to resume it".

  3. Run aswMBR
    1. Right-click the aswMBR.exe icon and select Run As Administrator to run it.
    2. Click the Scan button.
    3. After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    4. Click OK. Two files will be created, aswMBR.txt & a file named MBR.dat
    5. Save MBR.dat to a USB flash drive. This is a backup of your MBR (Master Boot record). Do not delete this file.
    6. NOTE: Do not click to fix anything at this stage!
    7. Click EXIT.
    8. Copy & Paste the contents of aswMBR.txt into your next reply.

  4. Run a Scan with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList <-- Be sure to select this option
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

  5. Re-enable Kaspersky Anti-Virus
    Right-click the Kaspersky icon in your system tray near the clock and select the Resume protection… option.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the aswMBR.txt log.
  3. The contents of the OTL.txt and Extras.txt logs.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Computer running very slowly ..think i have a virus

Post by painter12 » February 21st, 2012, 3:20 pm

OTL Extras logfile created on: 2/21/2012 2:02:43 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.39% Memory free
2.14 Gb Paging File | 0.98 Gb Available in Paging File | 45.81% Paging File free
Paging file location(s): c:\pagefile.sys 212 9999 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 80.42 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.56 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0528ECFE-4F68-434A-9987-539002A90E55}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{085E0A89-A86E-43DC-9253-2885DDE0BF93}" = rport=445 | protocol=6 | dir=out | app=system |
"{0B338A97-4CBC-41DD-AF52-3E803455F144}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0BAEE5E8-11AE-488A-940E-DE7E90480595}" = lport=139 | protocol=6 | dir=in | app=system |
"{0CE56D7C-1311-4E8E-A73E-63DD78C6EC28}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{114B45BD-5839-4E43-BA59-67AF7F2A8671}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1236DCDC-EB01-470B-92EF-943071990247}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13A3F17D-253C-4677-8162-72082BA67984}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E38F1DF-33A6-418E-87A3-1259E505F111}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A519073-9BDE-4D52-AE5C-1AC2641573AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{31CE2BDE-350D-42A5-9A5D-72F5046C989A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{371DB07D-819C-4FED-9D01-2330ED9F0EB0}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D185AFF-6A66-4D85-9748-1F700BB7FC50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{510D9262-B6EA-41DF-B082-644ACF924969}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A599AFD-D316-49FA-B0FB-1159792CC3FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D83DCED-B766-4011-B2D2-960488E9D54C}" = rport=137 | protocol=17 | dir=out | app=system |
"{759352AE-83B6-4733-BEBB-57905F64D211}" = lport=445 | protocol=6 | dir=in | app=system |
"{7788AD95-2AAB-47BF-A82E-A618D74E5272}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{7A2A2382-3F53-4C31-9C91-29E295185C20}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7AEBE312-2554-401D-944D-BD1604A8AD3A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8FF703D0-5371-4F6C-89C7-5A515AB72233}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAA213F5-DED2-41C1-B51C-FC747D70CEBA}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA70C1BD-8CC4-40D1-8564-4894C7B142C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD57DC02-0BBA-4D7F-B5D5-AE55B9AE21A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{BEBD9BDD-7794-4BCD-BBF4-A26DDAFB3F9B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D835A2C7-60A3-4DD6-B5DE-2C8A8F4D9CD2}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{EC2C57F1-979A-49B9-9399-59C4A0F26884}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE57B052-4BA0-4925-B016-659B2094EFC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{F3035E7D-9A33-4DAC-AEB2-E6D129AA8F95}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0999C035-C44D-42E7-B3DD-92AC56440155}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{0B327941-49AF-47B0-A871-07AAEB95A775}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0EC27849-3158-416B-83BC-3AF6A640C926}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0FCB71D5-3516-48B0-95C4-4AE8E25A7567}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{213C540A-7673-4005-A98B-5EE9953E8EB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23A98790-91E8-4205-9BC3-0D412F7CE9B3}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{29C26C73-C026-4B39-B23B-114321BDD3BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3759DF66-877D-4A9F-908F-F056E7CB3AC8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3A98B349-A33F-43BE-81E5-B937C65962DE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4274F116-A103-43BB-A2F6-8CA9B87BDC09}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{463D3B7D-CA8F-4E80-9DDE-A1BBFA4499C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4644445D-6569-4DBC-8349-5C8B2D92295E}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{475876F4-175A-4CCB-9EA7-03321297AC0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4C91C9FE-7C5E-45FE-B9C5-EF78CC04626E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F0255D4-7893-477B-9029-5303E9AB560E}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{51A70105-9D14-4002-8C68-02012CE6E434}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{59BD9FDD-E6F7-4E87-A7B4-194B9CB63CE7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5D359D7A-31C6-4C14-8B40-18D01D272FDE}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{6177F7B3-6A1D-4FC7-9149-1A2EDD2A6423}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{698C32E6-8090-433C-86EF-AD04B8FF8DEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6F8AAC2B-9D43-44C1-BD18-03B007982CA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{76AEF91B-9422-4E79-8A26-64278A0C431C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DC9B238-138E-4E03-8D26-DC696456EA7B}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{822524B1-4713-4503-ACB5-113CC58CEDFF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{84DDC3A5-579C-450B-A51E-A5CBD956F5CF}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{89B0146C-BB4E-4DA6-A6A4-07219B9322A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{8C87E769-4C31-4205-8850-21789F8836FF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8ECBB453-9065-43AA-83EC-6B8B3C1C4990}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{970632A2-1BA0-4E61-99AC-75AD3F525B4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A5885950-E906-49FF-9E2B-B5B46D6CE392}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6C7815C-1BE7-4E83-8F34-0EC2F19E9680}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{BA5BEA23-310D-40EB-911D-A2AD5DE0772F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0D74FDB-3F16-421A-83CC-6A8A7ED87A22}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C824A81E-24CF-45B4-AB15-BD613FBAC21C}" = dir=in | app=e:\setup\hpznui01.exe |
"{D7150EC0-2574-4A78-8BC1-EF4BA78259E8}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{DC72EF18-96C0-41A6-8A0D-E785965A7A06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{EFF0BBD7-AA59-4C1C-84DD-E892686C5070}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F51FEE94-9E87-4F1E-92D8-FE392508346C}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{F95FA74F-4ECD-40A3-9A7C-8A769E7686EA}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{FEA5AF8B-C4E4-488B-96D6-5E2BD983A306}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{29F8C25D-33FE-4933-8DBA-FEAF38987F2F}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4E2F746C-460C-44C3-9987-C900C8348B00}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DAB935B0-354E-4C34-91E0-1E71FA2BC9D3}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{F2B961B3-1AE8-4CF0-AA85-E5CC0C9D2F59}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{24CF173A-F8EE-48B0-AA5A-2F0AFAF49D75}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5BD2D580-718F-4CAA-B405-FE57EFA4AC0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5FD00779-0511-4DE0-9963-ACE3FA9482BC}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C41D4417-5C39-476B-A31F-3B4587FBDEBF}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0FFC1BEE-CD91-4B6D-A5A0-89CD7B2691E7}_is1" = The Interactive e-Book of The Beneficiary Book Version 2.0
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBD9A954-6C1A-4E9F-A098-C98653035381}" = PrintMaster Platinum 18
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Support Center" = Dell Support Center
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Photo Viewer" = Photo Viewer 2.3
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Shop for HP Supplies" = Shop for HP Supplies
"The Print Shop Premier Edition 5.0" = The Print Shop Premier Edition 5.0
"WebPost" = Microsoft Web Publishing Wizard 1.52

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1310896333-4111929781-2163261088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2012 10:52:40 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: df4 Start Time: 01ccefdd97dd76d8 Termination Time: 546

Error - 2/20/2012 11:00:28 AM | Computer Name = Owner-PC | Source = Perflib | ID = 1010
Description =

Error - 2/20/2012 11:00:35 AM | Computer Name = Owner-PC | Source = Perflib | ID = 1008
Description =

Error - 2/20/2012 7:32:44 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.33.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 530 Start Time: 01ccf026d4d6c450 Termination Time: 15

Error - 2/20/2012 7:40:50 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.33.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: dbc Start Time: 01ccf027f8d1fd60 Termination Time: 15

Error - 2/20/2012 7:48:52 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program uycv1rqf.exe version 1.0.15.15641 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16a0 Start Time: 01ccf029a051bb10 Termination Time: 203

Error - 2/20/2012 7:54:06 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.33.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1690 Start Time: 01ccf02a3d1a6370 Termination Time: 47

Error - 2/20/2012 9:48:32 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16ac Start Time: 01ccf03ac0a9f920 Termination Time: 31

Error - 2/21/2012 11:00:41 AM | Computer Name = Owner-PC | Source = Perflib | ID = 1010
Description =

Error - 2/21/2012 11:00:50 AM | Computer Name = Owner-PC | Source = Perflib | ID = 1008
Description =

[ Media Center Events ]
Error - 2/18/2009 10:40:42 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/21/2012 8:51:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/21/2012 8:51:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/21/2012 8:52:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/21/2012 8:52:46 AM | Computer Name = Owner-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 2/21/2012 2:56:08 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/21/2012 2:56:18 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/21/2012 2:56:26 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:53:55 PM on 2/21/2012 was unexpected.

Error - 2/21/2012 2:58:03 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/21/2012 2:58:03 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/21/2012 3:00:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

OTL logfile created on: 2/21/2012 2:02:43 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.39% Memory free
2.14 Gb Paging File | 0.98 Gb Available in Paging File | 45.81% Paging File free
Paging file location(s): c:\pagefile.sys 212 9999 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 80.42 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.56 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 18:32:55 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/18 13:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/08/12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/24 09:45:02 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 13:27:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 13:21:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/17 07:32:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/05/19 01:25:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/24 09:45:02 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2008/08/11 21:09:26 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 05:45:36 | 003,192,184 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/09 05:45:28 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2012/02/21 13:59:37 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6ABC9870-A8AB-4CA5-898D-EB6C1F983A7F}\MpKsl232cd606.sys -- (MpKsl232cd606)
DRV - [2012/02/21 13:52:50 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6ABC9870-A8AB-4CA5-898D-EB6C1F983A7F}\MpKsl2482b022.sys -- (MpKsl2482b022)
DRV - [2012/02/17 10:03:34 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/05/07 13:51:20 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 10:21:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2012/02/17 09:31:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 10:21:08 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/10/01 09:09:54 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2151F87-B6FE-4762-8BAB-B18FAEE7F158}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (I5????) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8a845fa5-af20-11dd-86d2-00219be1dcc4}\Shell\AutoRun\command - "" = F:\wdsync.exe
O33 - MountPoints2\{8fe0ab47-a310-11e0-a6db-002268cbebf0}\Shell - "" = AutoRun
O33 - MountPoints2\{8fe0ab47-a310-11e0-a6db-002268cbebf0}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 13:51:30 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/02/20 18:15:18 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/02/19 11:59:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/19 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/18 20:04:31 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2012/02/16 08:33:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 08:33:43 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 08:33:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 08:33:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 08:33:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 08:33:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 01:26:35 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/10 15:50:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/01/23 21:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 20:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 20:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/01 18:03:08 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2008/10/02 13:03:27 | 000,000,574 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/21 14:01:57 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/02/21 13:57:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 13:57:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 13:56:34 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/21 13:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/21 13:52:02 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/02/21 13:35:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1310896333-4111929781-2163261088-1000UA.job
[2012/02/20 18:54:46 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\2twhc2hx.exe
[2012/02/20 18:32:55 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/02/20 16:35:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1310896333-4111929781-2163261088-1000Core.job
[2012/02/20 07:06:19 | 000,645,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/20 07:06:19 | 000,121,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/19 12:08:08 | 000,002,523 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/02/17 20:26:52 | 000,000,921 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2012/02/17 20:26:52 | 000,000,901 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/17 10:03:34 | 000,488,024 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/02/17 10:03:29 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/02/17 10:03:28 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/02/16 23:37:31 | 000,002,044 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/02/16 23:37:31 | 000,002,006 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 09:52:15 | 001,020,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 16:13:06 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/02/12 06:59:57 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/02 09:49:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 09:49:37 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/23 21:02:50 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/21 14:01:57 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/02/20 18:54:45 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\2twhc2hx.exe
[2012/02/19 11:59:18 | 000,002,523 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/02/17 20:20:28 | 000,000,901 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/15 16:51:09 | 001,020,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 16:13:06 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/02/10 15:52:19 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 15:52:13 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/23 21:02:50 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 01:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/25 14:34:36 | 000,166,564 | ---- | C] () -- C:\Windows\hpoins31.dat
[2010/11/03 09:23:54 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

========== LOP Check ==========

[2012/02/21 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2009/01/19 21:06:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GARMIN
[2010/12/26 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/03/02 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2009/01/20 11:33:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Southwest Airlines
[2008/10/02 13:03:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/02/19 11:39:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
[2012/02/12 06:59:57 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/20 20:57:19 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/21 13:56:34 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-21 13:57:35
-----------------------------
13:57:35.104 OS Version: Windows 6.0.6002 Service Pack 2
13:57:35.104 Number of processors: 2 586 0xF0D
13:57:35.104 ComputerName: OWNER-PC UserName: Owner
13:59:29.984 Initialize success
14:00:24.506 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:00:24.522 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
14:00:24.537 Disk 0 MBR read successfully
14:00:24.537 Disk 0 MBR scan
14:00:24.553 Disk 0 Windows VISTA default MBR code
14:00:24.553 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:00:24.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
14:00:24.600 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 140026 MB offset 20561920
14:00:24.615 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 307337216
14:00:24.678 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 307339264
14:00:24.693 Disk 0 scanning sectors +312578048
14:00:24.787 Disk 0 scanning C:\Windows\system32\drivers
14:00:46.674 Service scanning
14:01:07.331 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:01:07.503 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
14:01:07.627 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
14:01:07.659 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
14:01:08.907 Service MpKsl232cd606 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6ABC9870-A8AB-4CA5-898D-EB6C1F983A7F}\MpKsl232cd606.sys **LOCKED** 32
14:01:09.016 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:01:18.579 Modules scanning
14:01:47.408 Disk 0 trace - called modules:
14:01:47.455 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:01:47.471 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8d3c1030]
14:01:47.486 3 CLASSPNP.SYS[8e9618b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8afd4028]
14:01:47.502 Scan finished successfully
14:01:57.829 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:01:57.860 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


ok...here it is ..thanks...everything scanned this time.
painter12
Active Member
 
Posts: 9
Joined: February 19th, 2012, 12:32 pm

Re: Computer running very slowly ..think i have a virus

Post by mambass » February 23rd, 2012, 10:21 am

Hi painter12, :)

Only one antivirus product should ever be installed. The instructions below will remove Microsoft Security Essentials. If your license for Kaspersky 2011 has expired or if you do not plan to renew it when it expires then retain Microsoft Security Essentials and remove Kaspersky 2011 instead.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Before OTL fix) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Remove Programs Using Control Panel
    1. Click Start > Control Panel and then double-click on Programs and Features.
    2. For each program below, if it exists in the list of installed applications, right-click the Entry, choose Uninstall/Change, and give permission to Continue:

      Java(TM) 6 Update 5
      LiveUpdate (Symantec Corporation)
      Microsoft Security Essentials

      Take extra care in answering questions posed by any Uninstaller.

  3. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :processes
      killallprocesses
      :OTL
      O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
      O3 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
      O3 - HKU\S-1-5-21-1310896333-4111929781-2163261088-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
      O20 - AppInit_DLLs: (I5????) - File not found
      [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2 
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" = 0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring" = 0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" = 0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" = 0 
      
      :Commands
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  4. Install Java Runtime Environment
    1. Please go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
    2. Find the section labeled Java SE 6 Update 31 and click on the JRE Download button. (DO NOT click the JDK Download button).
    3. Click the Accept License Agreement option.
    4. Find the Windows x86 Offline entry, click the jre-6u31-windows-i586.exe link and save the installer on your Desktop.
    5. Right-click the jre-6u31-windows-i586.exe icon on your Desktop and select Run As Administrator to install the newest version of Java.
      1. During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
      2. Also always UNCHECK any offer for Ask Toolbar during the installation of Java or any other product.
    6. When it finishes, you can remove the Installer from your desktop.

  5. Security Check
    1. Click here or here to download Security Check by screen317 and save it to your Desktop.
    2. Right-click the Security Check icon on your Desktop, select Run As Administrator and follow the onscreen instructions inside of the black box that will be displayed. Upon completion a Notepad window will open with the report.
    3. Copy the results from the Notepad window and paste them in your reply.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the Security Check report.
  4. A description of how your computer is running and any Malware symptoms that are still present.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
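
The following is an added example, not part of the thread and not a tool the helper used: a Python triage pass over OTL "O" lines and Alternate Data Stream lines that tags entries whose target is reported missing, AppInit_DLLs entries, and the EnableLUA = 0 policy value. The names `triage`, `classify_o_line`, `Finding` and the tag strings are assumptions made for this sketch; the sample lines are copied from the OTL log posted earlier in this thread. It only surfaces candidates for review and does not reproduce the helper's judgement about what to remove.

```python
import re
from collections import namedtuple

# One flagged log entry: tags assigned, OTL section code, and the text kept for review.
Finding = namedtuple("Finding", "tags code line")

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - AppInit_DLLs: (I5????) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

# "O<number> - <body>" registry-section lines.
O_LINE = re.compile(r"^O(\d+)\s+-\s+(.*)$")
# "@Alternate Data Stream - <size> bytes -> <path>:<stream>" lines.
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def classify_o_line(code, body):
    """Return review tags for one O-line body (empty list means nothing flagged)."""
    tags = []
    # Registry reference to a COM class that no longer has a CLSID entry.
    if body.endswith("No CLSID value found."):
        tags.append("orphaned-clsid")
    # Registry reference to a file that OTL could not find on disk.
    if body.endswith("File not found"):
        tags.append("missing-file")
    # AppInit_DLLs entries can be loaded into each process that loads
    # user32.dll, so every entry is worth a look, present or not.
    if body.startswith("AppInit_DLLs:"):
        tags.append("appinit-dll")
    # EnableLUA = 0 under policies\System means UAC is switched off; the
    # Security Check report later in the thread notes the same condition.
    if code == 6 and re.search(r"\bEnableLUA\s*=\s*0$", body):
        tags.append("uac-disabled")
    return tags


def triage(log_text):
    """Scan OTL log text and return a list of Finding tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O_LINE.match(line)
        if match:
            code = int(match.group(1))
            tags = classify_o_line(code, match.group(2))
            if tags:
                findings.append(Finding(tuple(tags), "O%d" % code, line))
            continue
        match = ADS_LINE.match(line)
        if match:
            # Split "C:\dir\file:stream" on the last colon so the drive
            # letter's colon stays with the path.
            path, _, stream = match.group(2).rpartition(":")
            detail = "%s stream=%s size=%s" % (path, stream, match.group(1))
            findings.append(Finding(("ads",), "ADS", detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-4s %-28s %s" % (finding.code, ",".join(finding.tags), finding.line))
```
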

Re: Computer running very slowly ..think i have a virus

Post by painter12 » February 23rd, 2012, 5:20 pm

======== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll not found.
Registry value HKEY_USERS\S-1-5-21-1310896333-4111929781-2163261088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1310896333-4111929781-2163261088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_USERS\S-1-5-21-1310896333-4111929781-2163261088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
File C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:I5???? deleted successfully.
C:\Windows\System32\drivers\SET43F5.tmp deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.33.1 log created on 02232012_154533

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Anti-Virus 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
``````````End of Log````````````
painter12
Active Member
 
Posts: 9
Joined: February 19th, 2012, 12:32 pm

Re: Computer running very slowly ..think i have a virus

Unread postby mambass » February 24th, 2012, 7:33 am

Hi painter12, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Download and run Malwarebytes Anti-Malware (Free for non-business use)
    1. Please hold down Ctrl then click here to open a new Malwarebytes window and then click on Download in the Free column.
    2. If a c/net download page is displayed then click on Download Now whereas if a Major Geeks page is displayed click on the Official Mirror button. In either case save the installer to your Desktop.
    3. You should now have a desktop icon named mbam-setup-(version).exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
    4. Right click it, choose Run as administrator and Continue
    5. Let it install where it wants to, with the default settings, and click Finish.
    6. If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
    7. If necessary, start Malwarebytes Anti-Malware again.
      (You can Decline any Offer for a Trial if you don't want the paid version)
    8. Once the program has started up, select Perform Quick Scan, then click Scan.
    9. When the scan is complete, click OK, then Show Results to view the results.
    10. If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    11. When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    12. The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.


  2. ESET online scanner
    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    1. Disable Kaspersky Anti-Virus 2011
      1. Close all windows/applications including all browser windows.
      2. Right-click the Kaspersky icon in your system tray near the clock and select the Pause protection… option.
      3. In the Pause protection window, select the option similar to "Protection will only be enabled when you decide to resume it".
    2. Open a browser window and go to http://www.eset.com/us/online-scanner/run
      • If Internet Explorer is being used then check Yes, I accept the Terms of Use and then click the Start button.
        Allow the ESET Scanner Active-X component to be installed if asked and click the Retry button if prompted to restart the download.

      • If a browser other than Internet Explorer is being used then click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
        Right-click on the installer and select Run As Administrator to run it.
        Check Yes, I accept the Terms of Use and click the Start button.
    3. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    4. Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    5. Now click on Start.
    6. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    7. When completed the Online Scan will begin automatically.
    8. Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    9. When the scan completes, press the text: Image
    10. Press the text: Image and then save the file to your Desktop as ESETScan.txt.
    11. Press the [Back] button and then press the [Finish] button.
    12. Copy and paste the contents of ESETScan.txt in your next reply.
      Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
    13. Right-click the Kaspersky icon in your system tray near the clock and select the Resume protection… option.

  3. Check hard Drive for Errors
    1. Open Notepad and then copy and paste the following line into Notepad (Notepad is in Start, Programs, Accessories):
      cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
    2. Save the NotePad file like this:
      • Click on File from the top menu bar.
      • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
      • Choose Desktop as the location
      • Click Save.
    3. Right click on testhd.bat on your desktop and select Run As Administrator to run it.
    4. A Command Prompt box will pop up, then close after a couple minutes.
    5. Please post the contents of the checkhd.txt file from your desktop.
      If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

  4. UAC is disabled
    SecurityCheck indicated that User Account Control (UAC) has been disabled. Please let me know in your reply if this is something that has been done intentionally.

  5. Are you still experiencing problems?
    Please provide in your reply a description of how your computer is running and any Malware symptoms that are still present.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the Malwarebytes log.
  3. The contents of the ESET log.
  4. The contents of the checkhd.txt log.
  5. An indication as to whether UAC has been intentionally disabled.
  6. A description of how your computer is running and any Malware symptoms that are still present.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Computer running very slowly ..think i have a virus

Unread postby painter12 » February 25th, 2012, 2:33 pm

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.24.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

2/24/2012 2:42:06 PM
mbam-log-2012-02-24 (14-42-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185133
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
C:\Users\Owner\Documents\My Dropbox\Lemons\dante.exe a variant of Win32/Adware.OpenInstall application
Yes, UAC was disabled when I took my computer to a shop to see why it was running slow, about 3 weeks ago, and they did it. However, they said there was nothing wrong with this computer...but it was still painfully slow...so I came to your site for help.
The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
713 large file records processed.

0 bad file records processed.

0 EA records processed.

51 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
24632 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

143387475 KB total disk space.
61452432 KB in 135372 files.
76724 KB in 24633 indexes.
0 KB in bad sectors.
285075 KB in use by the system.
65536 KB occupied by the log file.
81573244 KB available on disk.

4096 bytes in each allocation unit.
35846868 total allocation units on disk.
20393311 allocation units available on disk.
Computer still seems to be running slowly...thank you
painter12
Active Member
 
Posts: 9
Joined: February 19th, 2012, 12:32 pm

Re: Computer running very slowly ..think i have a virus

Unread postby painter12 » February 25th, 2012, 2:42 pm

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

2/24/2012 2:42:06 PM
mbam-log-2012-02-24 (14-42-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185133
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Yes, UAC was disabled by a computer place about 3 weeks ago. I took this computer there to have it checked for viruses and they said they found nothing, and it was still running slowly, so I found your site for help. And it still appears to be running slow. Thanks.
painter12
Active Member
 
Posts: 9
Joined: February 19th, 2012, 12:32 pm

Re: Computer running very slowly ..think i have a virus

Unread postby mambass » February 25th, 2012, 9:12 pm

Hi painter12, :)

  1. Scan file using VirusTotal
    1. Go to www.virustotal.com
    2. Click the Choose File button then navigate to and double-click on the following file:
      C:\Users\Owner\Documents\My Dropbox\Lemons\dante.exe
      
    3. Click the Scan it! button. Your file will be uploaded and analyzed.
      • Note: If a message is displayed indicating that the file was already analyzed, click the Reanalyse button so that your copy of the file will be analyzed.
    4. Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
      Example of web address :
      Image
    5. Please also include in your reply any information you can share concerning the purpose of the file that was scanned and how it came to be on your computer.

  2. DDS Scan
    Let's try the DDS scan one more time (see here for instructions).
    First try to run it with Kaspersky running. If that doesn't work then disable Kaspersky and try it again, however don't forget to re-enable Kaspersky after that.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The permalink (web address) of the VirusTotal scan.
  3. Information about the purpose of the scanned file and how it came to be on your computer.
  4. The contents of the DDS.txt and Attach.txt log files.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
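The DDS scan requested above produces a "Pseudo HJT Report" section, and a few of its line types deserve a second look during triage: a disabled UAC policy (EnableLUA = 0), every DLL listed under AppInit_DLLs, and entries that point at "No File". The following is an added example, not part of the thread and not the helper's or DDS's own tooling; the function names are hypothetical and the sample lines are constructed in the DDS line format. A flag here is a prompt for review, not a verdict.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple

# Constructed sample in the line format of a DDS.txt log; the entries mirror
# ones that appear in this thread's log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
"""

# "===== Some Section Name =====" banner lines separate the log's sections.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# e.g. "mPolicies-system: EnableLUA = 0 (0x0)"
POLICY_RE = re.compile(r"^[um]Policies-system:\s*(\w+)\s*=\s*(\d+)", re.I)
# e.g. "TB: {GUID} - No File"
NO_FILE_RE = re.compile(r"-\s*No File\s*$", re.I)


class Finding(NamedTuple):
    kind: str      # "uac_disabled", "appinit_dll" or "orphan_entry"
    detail: str    # the log line, or the single DLL path for appinit_dll
    line_no: int   # 1-based line number in the log text


def hjt_lines(log_text: str) -> Iterator[Tuple[int, str]]:
    """Yield (line_no, line) for content lines of the Pseudo HJT Report only."""
    inside = False
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            inside = banner.group(1).lower() == "pseudo hjt report"
            continue
        if inside and line and line != ".":   # "." lines are DDS spacers
            yield n, line


def triage(log_text: str) -> List[Finding]:
    """Return the lines a reviewer should look at first, in log order."""
    findings: List[Finding] = []
    for n, line in hjt_lines(log_text):
        policy = POLICY_RE.match(line)
        if policy:
            # EnableLUA = 0 means User Account Control is switched off.
            if policy.group(1).lower() == "enablelua" and int(policy.group(2)) == 0:
                findings.append(Finding("uac_disabled", line, n))
        elif line.lower().startswith("appinit_dlls:"):
            # Listed DLLs get loaded into processes that load user32.dll, so
            # each path should map to software the user knows is installed.
            for dll in line.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(Finding("appinit_dll", dll.strip(), n))
        elif NO_FILE_RE.search(line):
            # Registry entry whose target file is missing (leftover entry).
            findings.append(Finding("orphan_entry", line, n))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"line {f.line_no:>3}  {f.kind:<13} {f.detail}")
```
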

Re: Computer running very slowly ..think i have a virus

Unread postby painter12 » February 26th, 2012, 1:41 pm

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 12:25:11 on 2012-02-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.848 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C2151F87-B6FE-4762-8BAB-B18FAEE7F158} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,
.
============= SERVICES / DRIVERS ===============
.
R? AdobeARMservice;Adobe Acrobat Update Service
R? AESTFilters;Andrea ST Filters Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? UMVPFSrv;UMVPFSrv
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AVP;Kaspersky Anti-Virus Service
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service
S? kl2;kl2
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
.
=============== Created Last 30 ================
.
2012-02-24 19:53:09 -------- d-----w- c:\program files\ESET
2012-02-24 19:34:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 19:34:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 11:13:29 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c0c4ec38-6f47-4b0f-ae68-06dbe070175b}\mpengine.dll
2012-02-23 21:14:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 20:45:33 -------- d-----w- C:\_OTL
2012-02-19 16:59:19 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-19 16:59:14 -------- d-----w- c:\program files\Trend Micro
2012-02-19 01:04:31 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-02-16 06:26:40 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:26:35 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 06:26:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-31 11:02:55 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 11:02:55 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 11:02:55 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 11:02:55 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 11:02:54 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 11:02:54 72704 ----a-w- c:\windows\system32\secur32.dll
.
==================== Find3M ====================
.
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-03 13:55:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:33:54.90 ===============


SHA256: 62622b7fd58ba562b927b53dff7e132ce37745730d3923c74df0fa37e71ac222
File name: dante.exe
Detection ratio: 3 / 43
Analysis date: 2012-02-26 17:11:41 UTC ( 1 minute ago )

Antivirus | Result | Update
AhnLab-V3 | - | 20120222
AntiVir | - | 20120222
Antiy-AVL | - | 20120213
Avast | - | 20120223
AVG | - | 20120223
BitDefender | - | 20120223
ByteHero | - | 20120225
CAT-QuickHeal | - | 20120222
ClamAV | - | 20120223
Commtouch | - | 20120222
Comodo | UnclassifiedMalware | 20120223
DrWeb | Adware.OpenInstall.1 | 20120223
Emsisoft | - | 20120223
eSafe | - | 20120221
eTrust-Vet | - | 20120222
F-Prot | - | 20120222
F-Secure | - | 20120223
Fortinet | - | 20120223
GData | - | 20120223
Ikarus | - | 20120223
Jiangmin | - | 20120222
K7AntiVirus | - | 20120222
Kaspersky | - | 20120223
McAfee | - | 20120223
McAfee-GW-Edition | - | 20120222
Microsoft | - | 20120222
NOD32 | a variant of Win32/Adware.OpenInstall | 20120223
Norman | - | 20120222
nProtect | - | 20120222
Panda | - | 20120222
PCTools | - | 20120221
Prevx | - | 20120226
Rising | - | 20120223
Sophos | - | 20120223
SUPERAntiSpyware | - | 20120206
Symantec | - | 20120223
TheHacker | - | 20120222
TrendMicro | - | 20120222
TrendMicro-HouseCall | - | 20120223
VBA32 | - | 20120222
VIPRE | - | 20120222
ViRobot | - | 20120222
VirusBuster | - | 20120222

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/11/2008 4:39:37 PM
System Uptime: 2/26/2012 9:11:50 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | Microprocessor | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 78.954 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.563 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
BufferChm
C6300
C6300_Help
CameraHelperMsi
Cards_Calendar_OrderGift_DoMorePlugout
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
D1400
D1400_Help
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Destination Component
DeviceDiscovery
Digital Line Detect
DING!
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DocProc
DocProcQFolder
Dropbox
EDocs
erLT
ESET Online Scanner v3
Evernote v. 4.1
Garmin City Navigator North America NT 2009 Update
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 11.0
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iCloud
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Kaspersky Anti-Virus 2011
LG USB Modem driver
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
NetWaiting
Network
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PanoStandAlone
Photo Viewer 2.3
PrintMaster Platinum 18
Product Documentation Launcher
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PSSWCORE
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
The Interactive e-Book of The Beneficiary Book Version 2.0
The Print Shop Premier Edition 5.0
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WebEx Support Manager for Internet Explorer
WebReg
.
==== Event Viewer Messages From Past Week ========
.
2/26/2012 9:14:28 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
2/26/2012 9:12:57 AM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
2/26/2012 9:12:57 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/26/2012 9:12:09 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/26/2012 10:51:07 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/26/2012 10:50:56 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 2C-41-38-BF-D7-9A. Network operations on this system may be disrupted as a result.
2/26/2012 10:50:56 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 002268CBEBF0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/24/2012 2:19:28 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/23/2012 3:53:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/23/2012 3:53:42 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2012 1:56:26 PM, Error: EventLog [6008] - The previous system shutdown at 1:53:55 PM on 2/21/2012 was unexpected.
2/20/2012 10:05:24 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================
The scanned file was sent from a friend... think it was a joke... not sure.
Sign in Join the community not sure what you wanted but did not get a webpage to post
painter12

Re: Computer running very slowly ..think i have a virus

by mambass » February 27th, 2012, 6:06 pm

Hi painter12, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Disable Windows Defender
    Kaspersky provides the same capabilities.
    1. Click Start > Control Panel.
    2. Click Classic View in the left side column and then click Windows Defender.
    3. Click Tools and then, under Settings, click Options.
    4. Under the Administrator section uncheck (untick) the Use this program box.
    5. Click the Save button.

  2. Reboot (restart) your computer

  3. Run DDS again
    The DDS log had some abnormalities.
    Please run DDS again making sure that you right-click the program's icon and then select "Run As Administrator".
    Please include both the DDS.txt and Attach.txt logs in your reply.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the DDS.txt and Attach.txt logs.


mambass

Re: Computer running very slowly ..think i have a virus

by painter12 » February 28th, 2012, 3:35 pm

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 14:15:05 on 2012-02-28
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Owner\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C2151F87-B6FE-4762-8BAB-B18FAEE7F158} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,
.
============= SERVICES / DRIVERS ===============
.
R? AdobeARMservice;Adobe Acrobat Update Service
R? AESTFilters;Andrea ST Filters Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver
R? UMVPFSrv;UMVPFSrv
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AVP;Kaspersky Anti-Virus Service
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service
S? kl2;kl2
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
.
=============== Created Last 30 ================
.
2012-02-28 14:09:17 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c3fd7eb4-725f-44f8-9a35-0f0b6ce19862}\mpengine.dll
2012-02-24 19:53:09 -------- d-----w- c:\program files\ESET
2012-02-24 19:34:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 19:34:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-23 21:14:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 20:45:33 -------- d-----w- C:\_OTL
2012-02-19 16:59:19 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-19 16:59:14 -------- d-----w- c:\program files\Trend Micro
2012-02-19 01:04:31 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-02-16 06:26:40 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:26:35 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 06:26:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-31 11:02:55 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 11:02:55 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 11:02:55 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 11:02:55 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 11:02:54 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 11:02:54 72704 ----a-w- c:\windows\system32\secur32.dll
.
==================== Find3M ====================
.
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-03 13:55:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:29:42.21 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/11/2008 4:39:37 PM
System Uptime: 2/28/2012 1:53:44 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | Microprocessor | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 77.338 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.563 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
BufferChm
C6300
C6300_Help
CameraHelperMsi
Cards_Calendar_OrderGift_DoMorePlugout
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
D1400
D1400_Help
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Destination Component
DeviceDiscovery
Digital Line Detect
DING!
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DocProc
DocProcQFolder
Dropbox
EDocs
erLT
ESET Online Scanner v3
Evernote v. 4.1
Garmin City Navigator North America NT 2009 Update
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 11.0
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iCloud
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Kaspersky Anti-Virus 2011
LG USB Modem driver
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
NetWaiting
Network
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PanoStandAlone
Photo Viewer 2.3
PrintMaster Platinum 18
Product Documentation Launcher
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PSSWCORE
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
The Interactive e-Book of The Beneficiary Book Version 2.0
The Print Shop Premier Edition 5.0
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WebEx Support Manager for Internet Explorer
WebReg
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 1:58:09 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2012 1:58:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/28/2012 1:57:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
2/28/2012 1:57:36 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2012 1:56:12 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
2/28/2012 1:54:55 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
2/28/2012 1:54:55 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/28/2012 1:54:04 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/26/2012 10:51:07 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/26/2012 10:50:56 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 2C-41-38-BF-D7-9A. Network operations on this system may be disrupted as a result.
2/26/2012 10:50:56 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 002268CBEBF0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/24/2012 2:19:28 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 2:19:28 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2012 1:56:26 PM, Error: EventLog [6008] - The previous system shutdown at 1:53:55 PM on 2/21/2012 was unexpected.
.
==== End Of File ===========================
painter12