« previous next »
Pages: [1] 2   Go Down

Author Topic: Major slowdown  (Read 1366 times)

0 Members and 1 Guest are viewing this topic.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Major slowdown
« on: February 06, 2011, 04:28:43 AM »


Web pages won't load without hitting refresh, and then never finish. Boot up has become a lot slower, and other minor quirks are creeping into my computer's performance. I have done some hardware checks, defragged, tried closing different browser add ons, run Kaspersky and microsoft's malware removal tool and website scan, all to no avail. Help!
Thanks, GJ
 
  Ps I have tried in both ie explorer and firefox and I can't paste my logs! they are saved in my documents folder.
 
Logged

Offline the GJ

  • Newbie
  • *
  • Posts: 11
major slowdown redux
« Reply #1 on: February 06, 2011, 04:16:39 PM »
Hooray! I've found the attach button.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #2 on: February 06, 2011, 08:23:16 PM »
Logs copy/pasted rather than attached.

 Results of screen317's Security Check version 0.99.7 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Kaspersky Internet Security 2011   
```````````````````````````````
Anti-malware/Other Utilities Check:
 HijackThis 2.0.2   
 CCleaner     
 Adobe Flash Player 10.1.102.64 
Adobe Reader X
 Mozilla Firefox (3.6.13)
 Mozilla Thunderbird (3.1.7)
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Kaspersky Lab Kaspersky Internet Security 2011 avp.exe 
``````````End of Log````````````

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-02-05 18:55:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 55 GB (72%) free of 76 GB
Total RAM: 1023 MB (64% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-07-01 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-07-01 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-09-27 352976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2010-01-26 1337608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nmolarez]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vxekokabad]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2010-08-06 1154848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-07-01 228024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=0x10000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveTypeAutoRun"=28
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\setup\HPZNUI01.EXE"="D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\PlanSwift9\PlanSwift.exe"="C:\Program Files\PlanSwift9\PlanSwift.exe:*:Disabled:PlanSwift"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2011-02-05 18:55:35 ----D---- C:\rsit
2011-02-05 18:54:33 ----D---- C:\WINDOWS\ERDNT
2011-02-05 18:54:04 ----D---- C:\Program Files\ERUNT
2011-02-04 10:22:27 ----D---- C:\Program Files\Windows Live Safety Center
2011-01-27 20:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-01-27 19:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2011-01-27 19:20:17 ----D---- C:\WINDOWS\system32\XPSViewer
2011-01-27 19:19:59 ----D---- C:\Program Files\MSBuild
2011-01-27 19:19:48 ----D---- C:\Program Files\Reference Assemblies
2011-01-26 18:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-26 18:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2011-01-26 18:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2011-01-26 18:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-01-26 18:08:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-01-26 18:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-01-26 18:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2011-01-26 18:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-01-26 18:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-01-26 18:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-01-26 18:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-01-26 18:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-01-26 18:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-01-26 18:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-01-26 18:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-01-26 18:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-01-26 18:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-01-26 18:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-01-26 18:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-01-26 18:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2011-01-26 18:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-01-26 18:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-01-26 18:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2011-01-26 18:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-01-26 18:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-01-26 18:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-01-26 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-01-26 18:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2011-01-26 18:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-01-26 12:25:06 ----D---- C:\Program Files\Common Files\Adobe
2011-01-26 12:20:23 ----D---- C:\Program Files\Adobe
2011-01-26 12:20:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-01-26 12:20:21 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-01-26 11:39:30 ----D---- C:\Program Files\PDFArea
2011-01-26 11:39:30 ----A---- C:\WINDOWS\system32\Codejock.CommandBars.Unicode.v11.2.0.ocx
2011-01-24 15:49:43 ----D---- C:\Program Files\PlanSwift9

======List of files/folders modified in the last 3 months======

2011-02-05 18:55:18 ----D---- C:\WINDOWS\Temp
2011-02-05 18:54:33 ----D---- C:\WINDOWS
2011-02-05 18:54:30 ----D---- C:\WINDOWS\Prefetch
2011-02-05 18:54:04 ----RD---- C:\Program Files
2011-02-05 18:50:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-05 17:42:25 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2011-02-05 11:44:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-04 10:37:25 ----HD---- C:\WINDOWS\inf
2011-02-04 10:22:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-02-03 13:42:31 ----ASH---- C:\boot.ini
2011-02-03 13:42:31 ----A---- C:\WINDOWS\win.ini
2011-02-03 13:42:31 ----A---- C:\WINDOWS\system.ini
2011-02-02 14:22:33 ----D---- C:\Program Files\CCleaner
2011-01-29 10:18:41 ----D---- C:\WINDOWS\Debug
2011-01-28 19:01:26 ----D---- C:\CADVANCE
2011-01-27 21:24:57 ----D---- C:\WINDOWS\system32
2011-01-27 21:24:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-27 21:20:58 ----HD---- C:\Config.Msi
2011-01-27 20:49:33 ----D---- C:\WINDOWS\Microsoft.NET
2011-01-27 20:49:24 ----RSD---- C:\WINDOWS\assembly
2011-01-27 20:41:15 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-27 20:40:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-27 20:39:05 ----SHD---- C:\WINDOWS\Installer
2011-01-27 20:36:56 ----D---- C:\WINDOWS\WinSxS
2011-01-27 19:20:04 ----D---- C:\WINDOWS\system32\en-US
2011-01-27 19:19:55 ----RSD---- C:\WINDOWS\Fonts
2011-01-27 19:13:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-01-27 19:13:21 ----D---- C:\WINDOWS\system32\drivers
2011-01-26 18:14:40 ----D---- C:\Program Files\Internet Explorer
2011-01-26 18:09:31 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-26 18:02:32 ----D---- C:\Program Files\Movie Maker
2011-01-26 12:58:37 ----D---- C:\WINDOWS\Help
2011-01-26 12:39:19 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2011-01-26 12:39:19 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2011-01-26 12:25:06 ----D---- C:\Program Files\Common Files
2011-01-26 11:45:50 ----D---- C:\Program Files\Foxit Software
2011-01-04 17:20:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-11 07:36:06 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-18 10:12:44 ----A---- C:\WINDOWS\system32\isign32.dll
2010-11-09 06:52:35 ----A---- C:\WINDOWS\system32\odbc32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-08-25 56208]
R0 kl1;kl1; C:\WINDOWS\system32\drivers\kl1.sys [2010-06-09 132184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-09-27 475736]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2010-08-25 395464]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2010-08-25 37080]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
S4 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-09-27 352976]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2010-08-06 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2009-07-23 61440]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 ALLN;ALLN; C:\DOCUME~1\Owner\LOCALS~1\Temp\ALLN.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-02-05 18:55:42

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{B7B3E9B3-FB14-4927-894B-E9124509AF5A}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Bulldozer-->"C:\Program Files\Bulldozer\uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet All-In-One Series-->C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\setup\hpzscr01.exe -datfile hpwscr20.dat -forcereboot
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Image to PDF Converter Free 3.0-->"C:\Program Files\PDFArea\Image to PDF Converter Free\unins000.exe"
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}
Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Office Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Mozilla Firefox (3.6.13)-->C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.7)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Paragon Backup & Recovery™ 2010 Free Advanced-->MsiExec.exe /I{C268B5E1-A5DA-11DF-A289-005056C00008}
QuickBooks Pro 2010-->msiexec.exe /I {06A9E630-DBA6-4D92-9DE7-A235AA6496C7} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2010" ADDREMOVE=1
QuickBooks-->MsiExec.exe /I{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Shredder Classic 2-->"C:\Program Files\ShredderChess\Shredder Classic 2\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Hosts File Missing
======Security center information======

AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: GJCTANDFRIENDS
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 333
Source Name: Service Control Manager
Time Written: 20101210120312.000000-480
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 306
Source Name: Service Control Manager
Time Written: 20101209135816.000000-480
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 285
Source Name: Service Control Manager
Time Written: 20101209101017.000000-480
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 263
Source Name: Service Control Manager
Time Written: 20101209070433.000000-480
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 257
Source Name: Tcpip
Time Written: 20101208133558.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: GJCTANDFRIENDS
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 908704

Record Number: 117112
Source Name: Bonjour Service
Time Written: 20101004195231.000000-420
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 908704

Record Number: 117111
Source Name: Bonjour Service
Time Written: 20101004195231.000000-420
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 117110
Source Name: Bonjour Service
Time Written: 20101004195231.000000-420
Event Type: error
User:

Computer Name: GJCTANDFRIENDS
Event Code: 1517
Message: Windows saved user GJCTANDFRIENDS\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 117103
Source Name: Userenv
Time Written: 20101004170543.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GJCTANDFRIENDS
Event Code: 1517
Message: Windows saved user GJCTANDFRIENDS\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 117090
Source Name: Userenv
Time Written: 20101003110417.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"STACKS"=0,0
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #3 on: February 06, 2011, 08:25:54 PM »
Hi, the GJ.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Re: Major slowdown
« Reply #4 on: February 06, 2011, 09:55:27 PM »
thanks Corrine, I've done as you directed and here is the log, thank you.

Edit Note:  Log copy/pasted by Corrine

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5697

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/6/2011 2:39:07 PM
mbam-log-2011-02-06 (14-39-07).txt

Scan type: Quick scan
Objects scanned: 149957
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #5 on: February 06, 2011, 10:14:49 PM »
Hi, the GJ.  I copy/pasted the log in your reply.  It makes it much easier to review things that way.

How is your computer now?
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Re: Major slowdown
« Reply #6 on: February 07, 2011, 12:06:10 AM »
Thanks Corrine, I'm learning. Unfortunately it is the same as it was.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #7 on: February 07, 2011, 01:41:06 AM »
Hi, the GJ.

I see that at one time you had Advanced SystemCare 3 installed on your computer.  I hope it didn't do any damage.  Since the RootRepeal log wasn't useful, let's see what this shows.  Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Re: Major slowdown
« Reply #8 on: February 07, 2011, 03:57:02 AM »
ok Corrine, next step, here is the combofix log

Edit Note:  Please copy/paste logs rather than attaching them.  Thank you.  Corrine

ComboFix 11-02-05.01 - Owner 02/06/2011  20:24:33.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.632 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome\content\c.js
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\install.rdf
c:\windows\system\VCL35.BPL

.
(((((((((((((((((((((((((   Files Created from 2011-01-07 to 2011-02-07  )))))))))))))))))))))))))))))))
.

2011-02-06 22:23 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 22:23 . 2011-02-06 22:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-02-06 22:23 . 2010-12-21 02:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-06 03:00 . 2011-02-06 03:00   --------   d-----w-   c:\program files\Belarc
2011-02-06 03:00 . 2008-02-27 20:49   3840   ----a-w-   c:\windows\system32\drivers\BANTExt.sys
2011-02-06 02:55 . 2011-02-06 02:56   --------   d-----w-   C:\rsit
2011-02-06 02:54 . 2011-02-06 02:54   --------   d-----w-   c:\program files\ERUNT
2011-02-04 18:22 . 2011-02-04 18:37   --------   d-----w-   c:\program files\Windows Live Safety Center
2011-01-28 03:20 . 2011-01-28 03:20   --------   d-----w-   c:\windows\system32\XPSViewer
2011-01-28 03:19 . 2011-01-28 03:19   --------   d-----w-   c:\program files\MSBuild
2011-01-28 03:19 . 2011-01-28 03:19   --------   d-----w-   c:\program files\Reference Assemblies
2011-01-27 02:34 . 2011-01-27 02:34   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2011-01-27 01:54 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2011-01-27 01:52 . 2010-09-18 06:53   974848   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2011-01-27 01:52 . 2010-09-18 06:53   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2011-01-27 01:50 . 2010-08-23 16:12   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2011-01-27 01:45 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-01-26 20:39 . 2011-01-26 20:39   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-01-26 20:25 . 2011-01-26 20:25   --------   d-----w-   c:\program files\Common Files\Adobe
2011-01-26 20:20 . 2011-01-26 20:20   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-01-26 20:20 . 2011-01-26 20:39   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2011-01-26 19:39 . 2011-01-26 19:39   --------   d-----w-   c:\program files\PDFArea
2011-01-26 19:39 . 2007-09-14 19:53   518064   ----a-w-   c:\windows\system32\Codejock.SkinFramework.Unicode.v11.2.0.ocx
2011-01-26 19:39 . 2007-09-14 19:53   1746864   ----a-w-   c:\windows\system32\Codejock.CommandBars.Unicode.v11.2.0.ocx
2011-01-26 19:39 . 2006-01-03 22:37   665600   ----a-w-   c:\windows\system32\pdfgenx.ocx
2011-01-24 23:49 . 2011-01-24 23:59   --------   d-----w-   c:\program files\PlanSwift9

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-07-15 02:08   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2001-08-18 12:00   249856   ----a-w-   c:\windows\system32\odbc32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-28 352976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nmolarez
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vxekokabad
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 20:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 20:49   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 05:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-01-27 05:04   1337608   ----a-w-   c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7939:TCP"= 7939:TCP:*:Disabled:PlanSwift

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/30/2010 6:22 PM 56208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [7/14/2005 8:16 PM 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 4:46 PM 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 7:59 PM 19472]
S4 ALLN;ALLN;c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ovd7wa10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\documents and settings\Owner\Local Settings\Application Data\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Notify-AutorunsDisabled - (no file)
MSConfigStartUp-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-02-06  20:43:02 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-07 04:42

Pre-Run: 57,716,080,640 bytes free
Post-Run: 57,625,231,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 079B59736ECB582315BC018EEC82C74A
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #9 on: February 07, 2011, 05:04:36 PM »
Hi, the GJ.

Please copy/paste the requested log as a reply rather than attaching it.  To copy from Notepad, click Edit > Select All > Edit > Copy.  Then paste the results in your reply.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code: [Select]
File::
Nmolarez
Vxekokabad
c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]"Nmolarez"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]"Vxekokabad"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]Advanced SystemCare 3"=-

Driver::
ALLN.exe
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

How is your computer now?
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Re: Major slowdown
« Reply #10 on: February 07, 2011, 06:04:24 PM »
Sorry Corrine, I got so caught up in the testing process I overlooked your directive. My machine is running much better, pages are loading and completing. Boot up is still slower than it should be considering my kaspersky antivirus program is the only checked app in startup. Any suggestions? Thank you so much for your timely responses and all the help, GJ
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #11 on: February 07, 2011, 06:28:54 PM »
Hi, the GJ.

Have you followed my previous instructions?  If so, please post the log.  If not, please do so.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Re: Major slowdown
« Reply #12 on: February 07, 2011, 09:55:17 PM »
Here it is Corrine. Thanks


ComboFix 11-02-05.01 - Owner 02/06/2011  20:24:33.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.632 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome\content\c.js
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{81F4FA43-A99C-45AB-9FA2-CCD2205ECCDB}\install.rdf
c:\windows\system\VCL35.BPL

.
(((((((((((((((((((((((((   Files Created from 2011-01-07 to 2011-02-07  )))))))))))))))))))))))))))))))
.

2011-02-06 22:23 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 22:23 . 2011-02-06 22:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-02-06 22:23 . 2010-12-21 02:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-06 03:00 . 2011-02-06 03:00   --------   d-----w-   c:\program files\Belarc
2011-02-06 03:00 . 2008-02-27 20:49   3840   ----a-w-   c:\windows\system32\drivers\BANTExt.sys
2011-02-06 02:55 . 2011-02-06 02:56   --------   d-----w-   C:\rsit
2011-02-06 02:54 . 2011-02-06 02:54   --------   d-----w-   c:\program files\ERUNT
2011-02-04 18:22 . 2011-02-04 18:37   --------   d-----w-   c:\program files\Windows Live Safety Center
2011-01-28 03:20 . 2011-01-28 03:20   --------   d-----w-   c:\windows\system32\XPSViewer
2011-01-28 03:19 . 2011-01-28 03:19   --------   d-----w-   c:\program files\MSBuild
2011-01-28 03:19 . 2011-01-28 03:19   --------   d-----w-   c:\program files\Reference Assemblies
2011-01-27 02:34 . 2011-01-27 02:34   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2011-01-27 01:54 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2011-01-27 01:52 . 2010-09-18 06:53   974848   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2011-01-27 01:52 . 2010-09-18 06:53   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2011-01-27 01:50 . 2010-08-23 16:12   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2011-01-27 01:45 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-01-26 20:39 . 2011-01-26 20:39   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-01-26 20:25 . 2011-01-26 20:25   --------   d-----w-   c:\program files\Common Files\Adobe
2011-01-26 20:20 . 2011-01-26 20:20   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-01-26 20:20 . 2011-01-26 20:39   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2011-01-26 19:39 . 2011-01-26 19:39   --------   d-----w-   c:\program files\PDFArea
2011-01-26 19:39 . 2007-09-14 19:53   518064   ----a-w-   c:\windows\system32\Codejock.SkinFramework.Unicode.v11.2.0.ocx
2011-01-26 19:39 . 2007-09-14 19:53   1746864   ----a-w-   c:\windows\system32\Codejock.CommandBars.Unicode.v11.2.0.ocx
2011-01-26 19:39 . 2006-01-03 22:37   665600   ----a-w-   c:\windows\system32\pdfgenx.ocx
2011-01-24 23:49 . 2011-01-24 23:59   --------   d-----w-   c:\program files\PlanSwift9

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-07-15 02:08   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2001-08-18 12:00   249856   ----a-w-   c:\windows\system32\odbc32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-28 352976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nmolarez
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vxekokabad
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 20:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 20:49   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 05:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-01-27 05:04   1337608   ----a-w-   c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7939:TCP"= 7939:TCP:*:Disabled:PlanSwift

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/30/2010 6:22 PM 56208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [7/14/2005 8:16 PM 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 4:46 PM 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 7:59 PM 19472]
S4 ALLN;ALLN;c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ovd7wa10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\documents and settings\Owner\Local Settings\Application Data\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Notify-AutorunsDisabled - (no file)
MSConfigStartUp-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-02-06  20:43:02 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-07 04:42

Pre-Run: 57,716,080,640 bytes free
Post-Run: 57,625,231,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 079B59736ECB582315BC018EEC82C74A
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Major slowdown
« Reply #13 on: February 07, 2011, 10:34:19 PM »
That was the first log, not the log from my instruction at http://www.landzdown.com/index.php/topic,49335.msg139143.html#msg139143

If you have not followed those instructions, please do so now and post the log. 

If you did run that script, please do the following: 

Hold down the Windows Key and the "R" key.  A run box will appear.  Copy and paste the following:  C:\Qoobox\ComboFix.txt then click OK.  Notepad will open with a log.  Post the contents of that log in your next reply..
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline the GJ

  • Newbie
  • *
  • Posts: 11
Re: Major slowdown
« Reply #14 on: February 08, 2011, 07:56:29 PM »
Sorry Corrine, I followed instructions this time.......
ComboFix 11-02-05.01 - Owner 02/08/2011  12:31:48.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.663 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((   Files Created from 2011-01-08 to 2011-02-08  )))))))))))))))))))))))))))))))
.

2011-02-06 22:23 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 22:23 . 2011-02-06 22:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-02-06 22:23 . 2010-12-21 02:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-06 03:00 . 2011-02-06 03:00   --------   d-----w-   c:\program files\Belarc
2011-02-06 03:00 . 2008-02-27 20:49   3840   ----a-w-   c:\windows\system32\drivers\BANTExt.sys
2011-02-06 02:55 . 2011-02-06 02:56   --------   d-----w-   C:\rsit
2011-02-06 02:54 . 2011-02-06 02:54   --------   d-----w-   c:\program files\ERUNT
2011-02-04 18:22 . 2011-02-04 18:37   --------   d-----w-   c:\program files\Windows Live Safety Center
2011-01-28 03:20 . 2011-01-28 03:20   --------   d-----w-   c:\windows\system32\XPSViewer
2011-01-28 03:19 . 2011-01-28 03:19   --------   d-----w-   c:\program files\MSBuild
2011-01-28 03:19 . 2011-01-28 03:19   --------   d-----w-   c:\program files\Reference Assemblies
2011-01-27 02:34 . 2011-01-27 02:34   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2011-01-27 01:54 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2011-01-27 01:52 . 2010-09-18 06:53   974848   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2011-01-27 01:52 . 2010-09-18 06:53   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2011-01-27 01:50 . 2010-08-23 16:12   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2011-01-27 01:45 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-01-26 20:39 . 2011-01-26 20:39   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-01-26 20:25 . 2011-01-26 20:25   --------   d-----w-   c:\program files\Common Files\Adobe
2011-01-26 20:20 . 2011-01-26 20:20   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-01-26 20:20 . 2011-01-26 20:39   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2011-01-26 19:39 . 2011-01-26 19:39   --------   d-----w-   c:\program files\PDFArea
2011-01-26 19:39 . 2007-09-14 19:53   518064   ----a-w-   c:\windows\system32\Codejock.SkinFramework.Unicode.v11.2.0.ocx
2011-01-26 19:39 . 2007-09-14 19:53   1746864   ----a-w-   c:\windows\system32\Codejock.CommandBars.Unicode.v11.2.0.ocx
2011-01-26 19:39 . 2006-01-03 22:37   665600   ----a-w-   c:\windows\system32\pdfgenx.ocx
2011-01-24 23:49 . 2011-01-24 23:59   --------   d-----w-   c:\program files\PlanSwift9

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-07-15 02:08   81920   ----a-w-   c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-28 352976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 20:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 20:49   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 05:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-01-27 05:04   1337608   ----a-w-   c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7939:TCP"= 7939:TCP:*:Disabled:PlanSwift

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/30/2010 6:22 PM 56208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [7/14/2005 8:16 PM 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 4:46 PM 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 7:59 PM 19472]
S4 ALLN;ALLN;c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ALLN.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ovd7wa10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\documents and settings\Owner\Local Settings\Application Data\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 12:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-02-08  12:45:03
ComboFix-quarantined-files.txt  2011-02-08 20:44
ComboFix2.txt  2011-02-08 20:04
ComboFix3.txt  2011-02-08 19:39
ComboFix4.txt  2011-02-07 04:43

Pre-Run: 57,609,179,136 bytes free
Post-Run: 57,596,764,160 bytes free

- - End Of File - - 25C86AF5E384DC4B52F90F7F39412D54
Logged
Pages: [1] 2   Go Up
« previous next »