Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dell Laptop running terribly slow


  • This topic is locked This topic is locked
19 replies to this topic

#1 jim.diel

jim.diel

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 05 January 2011 - 10:05 AM

I am using a Dell Inspiron 5100 with an Intel Pentium 4 CPU 2.80 GHz and 1.25 GB of RAM. Running Windows XP Service Pack 3. The laptop used to be fairly quick, but over time it has gotten to where it takes about 10 or 15 minutes from boot up to the point where I can run anything (firefox, shared docs for the network, etc.). It's horrible!Attached File  hijackthis.log   8.25KB   1 downloads I have run SpyBot and Malwarebites and AVG Free but have come up with nothing. Any help would be greatly appreciated. This is a work pc, and I am employed by a non-profit so there isn't much of a budget for purchasing a new one. Thanks for your time and expertise in advance.

Here's the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:54 AM, on 1/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus C88 Series on RTB2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P36 "Auto EPSON Stylus C88 Series on RTB2" /O15 "\\RTB2\Printer2" /M "Stylus C88"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro\mozyprostat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .NPSSView: c:\program files\mozilla firefox\plugins\NPssView.dll
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155660044458
O17 - HKLM\System\CCS\Services\Tcpip\..\{47262414-2F83-4F56-8E2E-3DEF5680EE56}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyPro Backup Service (mozyprobackup) - Mozy, Inc. - C:\Program Files\MozyPro\mozyprobackup.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8448 bytes

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 10 January 2011 - 07:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 10 January 2011 - 09:46 AM

I am using XP home. 32bit system. I do not have the install CD.

Here is the text from the OTL scan:

OTL logfile created on: 1/10/2011 10:10:48 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.85 Gb Free Space | 53.41% Space Free | Partition Type: NTFS
Drive D: | 199.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-E8AE98FF1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 09:47:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/12/15 13:02:16 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/15 13:01:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/04 11:33:40 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyPro\mozyprostat.exe
PRC - [2009/08/28 08:39:15 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:38:57 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/30 14:00:04 | 000,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyPro\mozyprobackup.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/01 09:15:04 | 000,157,264 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
PRC - [2007/03/25 20:49:45 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/01/27 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABA.EXE
PRC - [2004/05/13 19:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 09:47:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2004/05/13 19:23:50 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/12/02 11:38:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/28 08:38:57 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/30 14:00:04 | 000,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Program Files\MozyPro\mozyprobackup.exe -- (mozyprobackup)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/05/01 09:15:04 | 000,157,264 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2007/03/25 20:49:45 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/08/28 08:39:14 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 08:39:14 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/24 14:00:38 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mozypro.sys -- (mozyproFilter)
DRV - [2006/08/19 08:30:29 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/11/02 12:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 14:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/10/27 15:05:10 | 000,022,144 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM851X.sys -- (ADM851X)
DRV - [2004/06/28 11:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/05/13 19:19:22 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/29 13:13:32 | 000,587,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/17 10:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-73586283-1935655697-1060284298-500\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-73586283-1935655697-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:3.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:12:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/04 13:06:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/26 07:26:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 13:02:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 13:02:43 | 000,000,000 | ---D | M]

[2008/09/18 16:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/01/10 09:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vmf13xmx.default\extensions
[2010/09/10 11:28:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vmf13xmx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/05 09:37:56 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vmf13xmx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/05/24 15:15:22 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vmf13xmx.default\extensions\2020Player@2020Technologies.com
[2011/01/10 10:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 15:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 10:58:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 17:08:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 10:01:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/12/21 12:12:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2008/12/01 13:53:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2002/10/28 03:01:40 | 000,091,713 | ---- | M] (Crystal Decisions) -- C:\Program Files\Mozilla Firefox\plugins\npssview.dll

O1 HOSTS File: ([2010/01/05 15:02:52 | 000,371,233 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12798 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on RTB2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro\mozyprostat.exe (Mozy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-73586283-1935655697-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .NPSSView - c:\Program Files\Mozilla Firefox\plugins\npssview.dll (Crystal Decisions)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155660044458 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/14 16:55:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{12a38740-4df1-11dd-a3fb-000d56b6cefb}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{12a38741-4df1-11dd-a3fb-000d56b6cefb}\Shell - "" = AutoRun
O33 - MountPoints2\{12a38741-4df1-11dd-a3fb-000d56b6cefb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12a38741-4df1-11dd-a3fb-000d56b6cefb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1a3d1b20-a18a-11df-a5c9-00904b6ebb0c}\Shell - "" = AutoRun
O33 - MountPoints2\{1a3d1b20-a18a-11df-a5c9-00904b6ebb0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a3d1b20-a18a-11df-a5c9-00904b6ebb0c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c1236752-ced1-11de-a529-000d56b6cefb}\Shell - "" = AutoRun
O33 - MountPoints2\{c1236752-ced1-11de-a529-000d56b6cefb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1236752-ced1-11de-a529-000d56b6cefb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{edb8b15b-17f5-11df-a55a-000d56b6cefb}\Shell - "" = AutoRun
O33 - MountPoints2\{edb8b15b-17f5-11df-a55a-000d56b6cefb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{edb8b15b-17f5-11df-a55a-000d56b6cefb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Auto EPSON Stylus C88 Series on RTB2009 - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus C88 Series - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 10:01:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/10 10:01:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/10 10:01:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/06 11:13:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/05 10:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/01/04 17:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/01/04 17:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/04 16:47:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/12/15 11:07:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 11:05:26 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/13 10:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Millers
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 09:25:38 | 069,977,293 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/01/10 09:19:46 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/10 09:17:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/07 14:31:43 | 000,005,106 | ---- | M] () -- C:\WINDOWS\mozypro.flt
[2011/01/07 14:31:43 | 000,004,746 | ---- | M] () -- C:\WINDOWS\mozypro.blk
[2011/01/07 10:47:44 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SharedDocs on RTB2 (Rtb2).lnk
[2011/01/05 09:29:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/03 17:31:02 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RTB's ideal inspection form.doc
[2010/12/23 10:38:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/20 17:24:51 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RTB Staff Repair Schedule.doc
[2010/12/17 10:33:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Reimbursement Request Form - 12.10-12.17.xls
[2010/12/15 13:39:15 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 17:29:12 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/01/03 17:31:02 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RTB's ideal inspection form.doc
[2010/12/17 10:30:42 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Reimbursement Request Form - 12.10-12.17.xls
[2010/02/26 15:37:36 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2009/10/27 18:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 18:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 18:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 18:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 17:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 17:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 18:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 18:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 18:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 18:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 18:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 18:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 18:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 15:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 15:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 14:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 14:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/19 09:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/03/31 10:57:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/13 16:30:42 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/01/07 11:09:56 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/01/05 09:25:53 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/23 13:39:28 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP23.INI
[2008/09/22 13:34:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\EPSONC88.ini
[2008/09/22 13:33:42 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/09/12 13:08:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/01 16:10:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/09/01 16:10:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/09/01 16:10:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/07/20 11:48:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\sunkist.ini
[2006/12/20 22:44:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/11/15 11:14:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/05 12:51:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/10/05 12:46:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERF4490.ini
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/09/09 08:53:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/14 17:05:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/08/14 17:05:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/08/14 17:05:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/08/14 12:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/11 10:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

Edited by jim.diel, 10 January 2011 - 10:25 AM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 10 January 2011 - 02:07 PM

Hi,

could you please run a scan with RootkitUnhooker next:
Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 10 January 2011 - 03:03 PM

Here's the log from rootkit unhooker scan:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9AF3000 C:\WINDOWS\system32\DRIVERS\BCMSM.sys 1101824 bytes (Broadcom Corporation, Modem Device Driver)
0xBF060000 C:\WINDOWS\System32\ati3d1ag.dll 851968 bytes (ATI Technologies Inc. , ati3d1ag.dll)
0xB9CED000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 622592 bytes (ATI Technologies Inc., ATI Radeon Miniport Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA860C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB47D0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA86F1000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA832F000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA8595000 C:\WINDOWS\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA78B4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9C24000 C:\WINDOWS\system32\drivers\stac97.sys 266240 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xB482E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA83D7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7843000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9C88000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 184320 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xA867C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA86C9000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7494000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA85E6000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9C00000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9CB5000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9C65000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA86A7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF745C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7829000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA856C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7870000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9ADC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7F35000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9CD9000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA874A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA877D000 C:\WINDOWS\system32\DRIVERS\mozypro.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF744A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9ACB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA8584000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7887000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB4BE4000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF76B7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA80C2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB5630000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF740A000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA736000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7677000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF741A000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xB4C04000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB5660000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB5680000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF742A000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA726000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB5620000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7BF5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7667000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB4BF4000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77EF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB52EF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB5307000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB9711000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB52E7000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB7DC9000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB52FF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB52F7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB7D91000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB7D89000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77A7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA84EC000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA7F4000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9528000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8520000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7E0000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB9D9D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7DC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB4FD1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79F3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF798F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79F1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79BF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79DD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A74000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB4C85000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB4A95000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 10 January 2011 - 03:29 PM

Hi,

I see services from Symantec, are you using a utility from them? Otherwise I would suggest we remove those services and see if that improves the boot up time.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 10 January 2011 - 04:49 PM

Nothing from symantec. might be left over from the software that came from the computer.

How do I go about removing these items?

Thank you sooooo much for your time!!

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 10 January 2011 - 05:24 PM

Hi,

please run the norton removal tool then:
Please click HERE and follow the instructions in STEP 3 to download and run the norton removal tool.

You're welcome! :)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 11 January 2011 - 09:44 AM

I ran the Norton uninstaller and restarted the system. Still loading up very, very slow. Any other things you noticed on the reports? Much appreciated! Jim

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 11 January 2011 - 02:47 PM

Hi,

is the reboot in safe mode equally slow? If not it might be one of your applications slowing you down.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 11 January 2011 - 03:42 PM

Reboot in safe mode was slightly quicker, but not by much.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 12 January 2011 - 05:37 AM

Hi,

please run a chkdsk next:
1. Run Chkdsk
Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
  • Right-click the Start button and select Explore
  • Navigate to your C: Drive, then right-click the drive and select Properties
  • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
  • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
  • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Now click on Start.
  • A new window will pop-up saying, Windows can't check the disk while it's in use, click schedule disk check
  • Now shut-down your computer, not restart, and then turn on your computer.
  • When your computer turns on, you will see a blcak screen with white lettering, this is chkdsk running.
  • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
2. Chkdsk Log
  • Click on Start, then Run.
  • Copy and paste the following bold text in to the Open: box:
    • eventvwr.msc /s
  • This will bring up the Event Viewer window
  • In the left panel click on Application
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Newest First
    • This should place the chkdsk log at the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on Posted Image (this will copy the log).
  • Paste the log in a Reply to this topic.

I don't believe that the issue is related to malware at this point.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 13 January 2011 - 01:24 PM

I ran the chkdsk utility. The log is not listed as you state in the post. I attached a word doc with a print screen image of the event viewer. Can you see which is the chkdsk log? If so, let me know which one it is and I will get it posted fast. Thanks again Myrti

Attached Files



#14 jim.diel

jim.diel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 13 January 2011 - 03:31 PM

Think I got it:


Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 1/13/2011
Time: 1:05:19 PM
User: N/A
Computer: OWNER-E8AE98FF1
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 4 unused index entries from index $SII of file 0x9.
Cleaning up 4 unused index entries from index $SDH of file 0x9.
Cleaning up 4 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

58597055 KB total disk space.
26918808 KB in 89658 files.
35132 KB in 8654 indexes.
4 KB in bad sectors.
208271 KB in use by the system.
65536 KB occupied by the log file.
31434840 KB available on disk.

4096 bytes in each allocation unit.
14649263 total allocation units on disk.
7858710 allocation units available on disk.

Internal Info:
c0 8d 01 00 14 80 01 00 d1 3d 02 00 00 00 00 00 .........=......
dc 1b 00 00 02 00 00 00 10 08 00 00 00 00 00 00 ................
60 60 fa 15 00 00 00 00 90 f1 ad 97 00 00 00 00 ``..............
50 aa c2 34 00 00 00 00 00 a2 20 c3 16 00 00 00 P..4...... .....
40 f0 51 58 04 00 00 00 30 21 1c 20 1c 00 00 00 @.QX....0!. ....
99 9e 36 00 00 00 00 00 90 38 07 00 3a 5e 01 00 ..6......8..:^..
00 00 00 00 00 60 fe 6a 06 00 00 00 ce 21 00 00 .....`.j.....!..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:42 PM

Posted 16 January 2011 - 05:54 AM

Hi,

this good indicate that your hard drive is starting to die:

4 KB in bad sectors.


Make sure you have backups on anything important on that drive, just in case. If the number of KB in bad sectors is stable you may be fine, however if the number starts increasing the drive is dying.

I would like you to run a sfc check next:
Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users