TechSpot

Completed 8 steps :)

By dey05
Nov 2, 2010
  1. Hi,
    I just got a refurbished computer and it is running super slow, please let me know if its just the way thecomputer is (and what uncessesary programs i can delete) or if i have malicious spyware/adware etc...logs below:


    1)
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5019

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    01/11/2010 11:05:25 PM
    mbam-log-2010-11-01 (23-05-25).txt

    Scan type: Quick scan
    Objects scanned: 136488
    Time elapsed: 27 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    2)
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-02 02:06:00
    Windows 5.1.2600 Service Pack 3
    Running: 29mj8u7f.exe; Driver: C:\DOCUME~1\Name\LOCALS~1\Temp\pxtdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT F99A118E ZwCreateKey
    SSDT F99A1184 ZwCreateThread
    SSDT F99A1193 ZwDeleteKey
    SSDT F99A119D ZwDeleteValueKey
    SSDT F99A11A2 ZwLoadKey
    SSDT F99A1170 ZwOpenProcess
    SSDT F99A1175 ZwOpenThread
    SSDT F99A11AC ZwReplaceKey
    SSDT F99A11A7 ZwRestoreKey
    SSDT F99A1198 ZwSetValueKey

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    3)
    DDS (Ver_10-11-01.01) - NTFSx86
    Run by Name at 2:11:05.33 on 02/11/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.33 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    svchost.exe
    C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\DrvMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\BITWARE\NT\bwprnmon.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    c:\program files\avira\antivir desktop\avcenter.exe
    C:\Documents and Settings\Name\Desktop\29mj8u7f.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Name\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PCTVOICE] pctspk.exe
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Airlink101 Airlink101 WLAN Monitor] c:\program files\airlink101\airlink101 wlan monitor\WLANmon.exe
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitwar~1.lnk - c:\bitware\nt\bwprnmon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-31 11608]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-12-23 11776]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-31 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-31 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-31 60936]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-5 506112]
    S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\windows\system32\drivers\biomini.sys --> c:\windows\system32\drivers\biomini.sys [?]
    S3 Smcpwr2n;SMC EtherPower II 10/100 Ethernet Adapter driver ;c:\windows\system32\drivers\smcpwr2n.sys [2005-5-30 25034]

    =============== Created Last 30 ================

    2010-11-02 02:35:59 -------- d-----w- c:\docume~1\name\applic~1\Malwarebytes
    2010-11-02 02:35:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-02 02:35:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-02 02:35:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-02 02:35:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-31 07:53:15 -------- d-----w- c:\windows\system32\NtmsData
    2010-10-31 07:15:01 -------- d-----w- c:\docume~1\name\applic~1\Avira
    2010-10-31 06:41:45 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-31 06:41:38 -------- d-----w- c:\program files\Avira
    2010-10-31 06:41:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-10-14 12:33:55 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-14 04:25:08 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 04:25:03 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 04:03:50 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-09-19 22:08:13 1409 ----a-w- c:\windows\QTFont.for
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 2:12:54.41 ===============


    4)
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/05/2005 5:03:44 PM
    System Uptime: 11/01/2010 9:49:38 PM (7061 hours ago)

    Motherboard: Compaq | | 06C0h
    Processor: Intel Celeron processor | J1 | 847/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 38 GiB total, 4.331 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_0007A0A0&REV_10\4&24AB0D93&0&50F0
    Manufacturer: Realtek
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_0007A0A0&REV_10\4&24AB0D93&0&50F0
    Service: rtl8139

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&264480D3&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&264480D3&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP350: 05/09/2010 2:44:55 PM - Configured iTunes
    RP351: 05/09/2010 7:16:35 PM - Unsigned driver install
    RP352: 05/09/2010 7:22:47 PM - Installed Airlink101 WLAN Monitor
    RP353: 06/09/2010 6:13:50 AM - Software Distribution Service 3.0
    RP354: 07/09/2010 7:13:25 AM - System Checkpoint
    RP355: 08/09/2010 6:19:43 PM - Avg8 Update
    RP356: 09/09/2010 8:31:11 PM - Avg8 Update
    RP357: 12/09/2010 11:56:20 PM - System Checkpoint
    RP358: 13/09/2010 7:33:21 AM - Software Distribution Service 3.0
    RP359: 14/09/2010 9:04:44 PM - System Checkpoint
    RP360: 15/09/2010 9:10:28 PM - System Checkpoint
    RP361: 16/09/2010 7:39:01 AM - Software Distribution Service 3.0
    RP362: 17/09/2010 8:19:56 PM - System Checkpoint
    RP363: 18/09/2010 8:21:33 PM - System Checkpoint
    RP364: 19/09/2010 6:05:46 PM - Configured QuickTime
    RP365: 20/09/2010 11:04:34 PM - System Checkpoint
    RP366: 21/09/2010 11:18:23 PM - System Checkpoint
    RP367: 23/09/2010 1:27:27 AM - System Checkpoint
    RP368: 24/09/2010 2:13:11 AM - System Checkpoint
    RP369: 25/09/2010 2:27:54 AM - System Checkpoint
    RP370: 26/09/2010 2:47:45 AM - System Checkpoint
    RP371: 27/09/2010 3:27:23 AM - System Checkpoint
    RP372: 27/09/2010 8:08:51 PM - Removed Microsoft Silverlight
    RP373: 28/09/2010 8:32:46 PM - System Checkpoint
    RP374: 29/09/2010 7:55:19 AM - Software Distribution Service 3.0
    RP375: 04/10/2010 1:36:01 PM - System Checkpoint
    RP376: 05/10/2010 7:17:46 PM - System Checkpoint
    RP377: 06/10/2010 6:47:03 PM - Avg8 Update
    RP378: 07/10/2010 7:31:17 PM - System Checkpoint
    RP379: 08/10/2010 7:58:36 AM - Software Distribution Service 3.0
    RP380: 09/10/2010 8:45:02 AM - System Checkpoint
    RP381: 10/10/2010 8:49:58 AM - System Checkpoint
    RP382: 11/10/2010 5:03:49 PM - System Checkpoint
    RP383: 12/10/2010 5:23:59 PM - System Checkpoint
    RP384: 13/10/2010 6:24:07 PM - System Checkpoint
    RP385: 14/10/2010 8:01:24 AM - Software Distribution Service 3.0
    RP386: 18/10/2010 12:28:30 AM - System Checkpoint
    RP387: 19/10/2010 1:21:47 AM - System Checkpoint
    RP388: 20/10/2010 1:37:19 AM - System Checkpoint
    RP389: 21/10/2010 2:04:33 AM - System Checkpoint
    RP390: 22/10/2010 2:49:30 AM - System Checkpoint
    RP391: 23/10/2010 10:58:55 AM - System Checkpoint
    RP392: 23/10/2010 10:13:51 PM - Removed Java(TM) 6 Update 18
    RP393: 24/10/2010 11:09:05 PM - System Checkpoint
    RP394: 25/10/2010 11:40:27 PM - System Checkpoint
    RP395: 26/10/2010 9:37:43 AM - Avg8 Update
    RP396: 26/10/2010 9:40:53 AM - Avg8 Update
    RP397: 27/10/2010 9:43:47 AM - System Checkpoint
    RP398: 28/10/2010 11:10:02 AM - System Checkpoint
    RP399: 29/10/2010 7:02:57 PM - System Checkpoint
    RP400: 30/10/2010 7:27:17 PM - System Checkpoint
    RP401: 31/10/2010 1:15:44 AM - Removed AVG Free 8.5
    RP402: 31/10/2010 1:18:24 AM - Installed AVG Free 8.5
    RP403: 01/11/2010 1:23:59 AM - System Checkpoint
    RP404: 02/11/2010 1:54:07 AM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.5
    Airlink101 WLAN Monitor
    ANIO Service
    ANIWZCS2 Service
    Avira AntiVir Personal - Free Antivirus
    Canon iP2600 series
    Canon My Printer
    Canon Utilities Solution Menu
    Critical Update for Windows Media Player 11 (KB959772)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HSP56 MicroModem Drivers
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    31/10/2010 2:38:56 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    31/10/2010 2:38:56 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Name\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    31/10/2010 2:38:56 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    29/10/2010 6:47:20 PM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    29/10/2010 6:47:20 PM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    01/11/2010 9:53:04 PM, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
    01/11/2010 11:13:07 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I don't see anything suspicious.
    Since this is used computer, did you consider fresh Windows installation?
     
  3. dey05

    dey05 TS Rookie Topic Starter

    i was afraid i would have to do that...i dont have the windows disc...
    are there any unecessary programs that take up a lot of memory that i can delete? i'm just afraid to delete the wrong thing
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Let's take a look...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. dey05

    dey05 TS Rookie Topic Starter

    here it is:

    OTL logfile created on: 04/11/2010 10:49:12 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Name\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    255.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 57.00% Memory free
    625.00 Mb Paging File | 361.00 Mb Available in Paging File | 58.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 4.14 Gb Free Space | 10.82% Space Free | Partition Type: NTFS

    Computer Name: GH4 | User Name: Name | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/04 22:25:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Name\Desktop\OTL.exe
    PRC - [2010/11/03 18:38:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/11/03 18:38:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/11/03 18:38:06 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/09/13 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2007/06/18 14:30:08 | 001,925,120 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
    PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    PRC - [2005/11/27 16:10:39 | 000,054,272 | ---- | M] () -- C:\BITWARE\NT\bwprnmon.exe
    PRC - [2004/09/09 22:16:57 | 000,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/04 22:25:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Name\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/03 18:38:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/11/03 18:38:06 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\biomini.sys -- (DCamUSBBVI)
    DRV - [2010/11/03 18:38:07 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/11/03 18:38:07 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/06/18 13:25:24 | 000,506,112 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2003/03/27 14:55:48 | 000,011,776 | ---- | M] (WayTech Development, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kbfilter.sys -- (kbfilter)
    DRV - [2003/01/23 15:29:28 | 000,009,548 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\moufiltr.sys -- (moufiltr)
    DRV - [2002/05/08 11:08:56 | 000,189,568 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
    DRV - [2002/04/08 20:17:52 | 000,120,433 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
    DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
    DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
    DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
    DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 08:12:48 | 000,025,034 | ---- | M] (SMC Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcpwr2n.sys -- (Smcpwr2n)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0



    [2009/12/21 22:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Name\Application Data\Mozilla\Extensions
    [2010/07/24 10:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Name\Application Data\Mozilla\Firefox\Profiles\44sr1t29.default\extensions
    [2010/06/11 12:51:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Name\Application Data\Mozilla\Firefox\Profiles\44sr1t29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/05 14:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101)
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
    O4 - HKCU..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/27 16:10:40 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/05/30 16:58:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BIT -- [ NTFS ]
    O33 - MountPoints2\{a20eb830-ac7a-11da-8794-000021f636a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{a20eb830-ac7a-11da-8794-000021f636a0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a20eb830-ac7a-11da-8794-000021f636a0}\Shell\AutoRun\command - "" = E:\loader.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - VfWWDM32.dll File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/04 22:25:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Name\Desktop\OTL.exe
    [2010/11/01 22:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Name\Application Data\Malwarebytes
    [2010/11/01 22:35:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/01 22:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/01 22:35:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/01 22:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/01 22:23:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Name\Desktop\mbam-setup-1.46.exe
    [2010/10/31 03:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/10/31 03:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Name\Application Data\Avira
    [2010/10/31 02:41:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/10/31 02:41:45 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/10/31 02:41:45 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/10/31 02:41:45 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/10/31 02:41:45 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/10/31 02:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/10/31 02:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

    ========== Files - Modified Within 30 Days ==========

    [2010/11/04 22:25:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Name\Desktop\OTL.exe
    [2010/11/04 21:39:31 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{6D9E1BBE-AF10-448D-B68F-CC50D3F0844B}
    [2010/11/04 21:39:25 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{6D9E1BBE-AF10-448D-B68F-CC50D3F0844B}
    [2010/11/04 21:39:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/04 21:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/04 21:38:56 | 266,981,376 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/04 07:15:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
    [2010/11/03 18:38:07 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/03 18:38:07 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/01 22:35:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/01 22:23:07 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Name\Desktop\mbam-setup-1.46.exe
    [2010/10/31 02:42:28 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/14 09:05:33 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/14 08:45:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/08 08:08:41 | 000,432,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/08 08:08:41 | 000,067,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/11/01 22:35:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/31 02:42:27 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/09/05 19:27:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2010/03/26 14:34:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/21 10:41:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/03/06 18:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2005/12/23 15:49:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\HKLock.dll
    [2005/12/23 15:49:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\HKLock.dll
    [2005/11/27 16:32:53 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2005/11/27 15:05:44 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2005/11/27 15:05:14 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2005/11/27 15:01:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2005/11/27 15:00:23 | 000,000,024 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2005/11/27 15:00:23 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
    [2005/10/24 12:33:33 | 000,000,621 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2005/10/24 12:33:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2005/10/24 12:23:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/30 12:39:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2009/12/22 13:24:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2005/10/24 12:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2010/02/10 11:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2005/11/28 21:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Name\Application Data\Leadertech

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/11/27 16:10:40 | 000,000,018 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/05/30 16:58:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BIT
    [2005/05/30 16:46:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2006/03/05 15:07:16 | 000,006,700 | ---- | M] () -- C:\caavsetup.log
    [2007/02/22 08:01:46 | 000,033,079 | ---- | M] () -- C:\caavsetupLog.txt
    [2008/03/06 18:01:13 | 000,038,790 | ---- | M] () -- C:\caisslog.txt
    [2005/05/30 16:58:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/04 21:38:56 | 266,981,376 | -HS- | M] () -- C:\hiberfil.sys
    [2005/05/30 16:58:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/05/30 16:58:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/14 13:26:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/04 21:38:54 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/05/30 16:57:32 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/10/22 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD97.DLL
    [2007/10/22 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP97.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/05/30 12:35:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/05/30 12:35:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/05/30 12:35:50 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/14 13:35:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/08/30 20:47:11 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Name\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/05/30 17:15:05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/01 22:23:07 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Name\Desktop\mbam-setup-1.46.exe
    [2010/11/04 22:25:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Name\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/05/30 17:15:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Name\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/01 22:05:12 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Name\Cookies\desktop.ini
    [2010/11/04 22:44:44 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Name\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >






    OTL Extras logfile created on: 04/11/2010 10:49:12 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Name\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    255.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 57.00% Memory free
    625.00 Mb Paging File | 361.00 Mb Available in Paging File | 58.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 4.14 Gb Free Space | 10.82% Space Free | Partition Type: NTFS

    Computer Name: GH4 | User Name: Name | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Installing HSP56 MicroModem Drivers" = HSP56 MicroModem Drivers
    "InstallShield_{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28/03/2010 6:58:31 PM | Computer Name = GH4 | Source = MsiInstaller | ID = 1013
    Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Microsoft
    .NET Framework 3.0 Service Pack 2 cannot be uninstalled because it will affect other
    applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.

    Error - 28/03/2010 7:02:44 PM | Computer Name = GH4 | Source = MsiInstaller | ID = 1013
    Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
    .NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other
    applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.

    Error - 23/04/2010 12:36:33 PM | Computer Name = GH4 | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module
    npswf32.dll, version 10.0.45.2, fault address 0x00230bd1.

    Error - 01/07/2010 7:18:53 AM | Computer Name = GH4 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
    module npswf32.dll, version 10.0.45.2, fault address 0x0011a65b.

    Error - 08/09/2010 6:13:16 PM | Computer Name = GH4 | Source = Application Error | ID = 1000
    Description = Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x00014acd.

    Error - 18/09/2010 5:24:01 PM | Computer Name = GH4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 18/09/2010 5:24:01 PM | Computer Name = GH4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 18/09/2010 5:24:01 PM | Computer Name = GH4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 29/09/2010 2:50:45 PM | Computer Name = GH4 | Source = Application Error | ID = 1000
    Description = Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x00014acd.

    Error - 10/10/2010 1:32:50 PM | Computer Name = GH4 | Source = Application Error | ID = 1000
    Description = Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x00014acd.

    [ System Events ]
    Error - 01/11/2010 11:14:33 PM | Computer Name = GH4 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 02/11/2010 6:20:37 PM | Computer Name = GH4 | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 02/11/2010 6:20:37 PM | Computer Name = GH4 | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 03/11/2010 6:33:13 PM | Computer Name = GH4 | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 03/11/2010 6:33:13 PM | Computer Name = GH4 | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 04/11/2010 7:15:18 AM | Computer Name = GH4 | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 04/11/2010 7:15:18 AM | Computer Name = GH4 | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 04/11/2010 9:39:27 PM | Computer Name = GH4 | Source = ACPI | ID = 327685
    Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
    (0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 04/11/2010 9:39:27 PM | Computer Name = GH4 | Source = ACPI | ID = 327684
    Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
    (0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
    system instability. Please contact your system vendor for technical assistance.

    Error - 04/11/2010 9:41:53 PM | Computer Name = GH4 | Source = Service Control Manager | ID = 7022
    Description = The Avira AntiVir Guard service hung on starting.


    < End of report >
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I looked at the list of installed programs and you don't have too many of them.
    I don't see much, you could uninstall.

    Then...

    You have very little of RAM. XP would run much better, if you had at least 512MB of RAM.

    Hard drive is very small and you're running low on free disk space.

    ==========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O33 - MountPoints2\{a20eb830-ac7a-11da-8794-000021f636a0}\Shell - "" = AutoRun
      O33 - MountPoints2\{a20eb830-ac7a-11da-8794-000021f636a0}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{a20eb830-ac7a-11da-8794-000021f636a0}\Shell\AutoRun\command - "" = E:\loader.exe -- File not found
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      
      :Files
      C:\Program Files\AVG
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...