Inactive Dell Inspiron laptop w/ Vista loads slow, suspected virus present

dekita

Hi you guys. So my roommate is having an issue with her laptop. It runs terribly slow, rendering it practically useless in Normal mode. Booting to Safe Mode works, but the simple method of hitting F8 is not always successful since the computer freezes when it's booting Safe Mode (she usually has to do a cold boot). I tried doing a few diagnostic steps, like going to System Config and disabling some programs from running, and I found some programs that I suspected to be viruses (these programs were booting from the C:\users\[username]\AppData\Local folder, with random lettering and .dll extensions), so I deleted them. I attempted to run AVG, and it didn't do anything (I don't think it worked). I tried running Malwarebytes but the application kept freezing (also, I was doing all of this in Safe Mode since Normal mode was virtually impossible).

What should I do? Whenever the computer boots, it runs very, very slow, taking a long time just to get to the login prompt. And once we log in, the screen is just black. Again, a virus is suspected, but I don't know what I should do anymore.
 
Welcome to TechSpot! I'll help find the problem. But please don't delete any more .dll files because you don't know what they are.

Give me some info on the system please:
1. How much RAM?
2. How much hard drive available.
3. Is this a new problem? Were there any downloads or updates done before this began?
4. Which model Inspiron is it?
5. When was the last maintenance done on the system, to include disc cleanup for temporary internet files, cookies, downloads, etc., defrag, error check and defrag?

I'm not understanding about the 'cold boot' for Safe Mode. You can't boot into Safe Mode from Normal Mode. Take the system down and then boot into Safe Mode. If she's trying to use F8 from Normal Mode, it's not going to work.

"Terribly slow" and "practically useless" in Normal Mode doesn't mean you can't use it.

This is what we start with to check the system for malware: please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
System:
2GB RAM
150GB HD, 64GB free
Dell Inspiron 1521
The lag has been going on for a few weeks, but most recently it's become a major issue. She downloaded a few puzzle games and updated the DivX Player.

The last disc cleanup was done earlier today; it removed about 1GB of stuff. Also, the Startup Repair module pops up frequently whenever the computer is rebooted.

Oh, and Safe Mode is working; she was just doing a complicated method of going into Safe Mode.

Here's the Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6370

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

4/15/2011 11:25:42 PM
mbam-log-2011-04-15 (23-25-42).txt

Scan type: Quick scan
Objects scanned: 160646
Time elapsed: 39 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\microsoft\Windows\start menu\Programs\perfect defender 2009 (Rogue.PerfectDefender) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
 
The GMER program kept restarting the computer, so I don't have a log of the program. Here are the two files from DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by smichaud at 23:57:53.90 on Fri 04/15/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1512 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Users\smichaud\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z003&form=ZGAPHP
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; AskTbGAM-ASK/5.7.1.11048)" -"http://illusioncontest.neuralcorrelate.com/cat/top-10-finalists/2009/#post-1072"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\smichaud\appdata\roaming\mozilla\firefox\profiles\klmrj4n0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z003&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z003&form=ZGAADF&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnisp.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\smichaud\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\smichaud\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\smichaud\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\smichaud\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=5.008.027.003 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\smichaud\appdata\roaming\Move Networks
FF - Ext: XULRunner: {2E73A556-9063-46E4-91C4-03B7811EA2BB} - c:\users\smichaud\appdata\local\{2E73A556-9063-46E4-91C4-03B7811EA2BB}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-17 344712]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2008-9-8 34592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe --> c:\windows\system32\aestsrv.exe [?]
S2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-7 21504]
S2 gupdate1ca2b67acf629c0;Google Update Service (gupdate1ca2b67acf629c0);c:\program files\google\update\GoogleUpdate.exe [2009-9-1 133104]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-10-22 22816]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-10-22 147984]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-10-22 66880]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-17 69192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-9-8 809296]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-1 488776]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-29 29744]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-17 91896]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-17 43192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-17 66536]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-15 22:54:31 -------- d-----w- c:\users\smichaud\appdata\roaming\Malwarebytes
2011-04-15 22:54:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 22:54:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-15 22:54:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 22:54:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 04:46:56 -------- d-----w- C:\found.001
2011-04-10 21:06:36 -------- d-----w- c:\users\smichaud\appdata\roaming\AVG
2011-04-09 00:45:17 -------- d-----w- c:\program files\Bonjour
2011-04-08 21:54:45 -------- d-----w- c:\program files\PlayItAll
2011-04-02 02:12:34 -------- d-----w- c:\users\smichaud\appdata\local\AVG Security Toolbar
2011-04-02 00:08:36 -------- d-----w- c:\users\smichaud\appdata\roaming\AVG10
2011-04-01 23:10:11 -------- d--h--w- c:\progra~2\Common Files
2011-04-01 23:09:12 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-04-01 21:54:33 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-01 21:54:33 -------- d-----w- c:\progra~2\AVG10
2011-04-01 20:47:33 -------- d-----w- c:\program files\AVG
2011-04-01 20:34:07 -------- d-----w- c:\progra~2\MFAData
2011-04-01 19:33:43 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a938cea9-dd75-4758-89b7-5261fc683cb9}\mpengine.dll
2011-03-28 21:54:35 -------- d-----w- C:\found.000
2011-03-23 20:43:36 -------- d-----w- c:\users\smichaud\.spss
2011-03-23 19:54:04 -------- d-----w- c:\progra~2\SafeNet Sentinel
2011-03-23 19:46:39 -------- d-----w- c:\progra~2\SPSS
2011-03-23 19:46:38 -------- d-----w- c:\program files\common files\SPSS
2011-03-23 19:46:24 -------- d-----w- c:\program files\common files\SPSSInc
2011-03-23 19:41:36 -------- d-----w- c:\program files\SPSSInc
2011-03-23 19:40:50 205 ----a-w- c:\windows\system32\lsprst7.dll
2011-03-23 19:40:50 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-03-22 18:59:54 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 18:59:54 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 18:59:54 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 0:02:54.67 ===============

2nd text file from DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/29/2008 4:40:07 AM
System Uptime: 4/15/2011 11:48:06 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KY766
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Microprocessor | 1895/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 78.959 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.378 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0009
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0009
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 6
AIM Toolbar
AOL Install
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI PCI Express (3GIO) Filter Driver
AVG 2011
AVG PC Tuneup 2011
Bonjour
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
DivX Converter
DivX Setup
DNA
Download Updater (AOL LLC)
EarthLink Setup Files
Google Chrome
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
iPhone Configuration Utility
iTunes
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.04.01.1011)
LastChaos
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox (3.0.1)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Nat Geo Games Lost Chronicles - Salem
NetWaiting
NetZeroInstallers
Novell iPrint Client v05.08.00
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PASW Statistics 18
PlayItAll media player 1.0.5
Product Documentation Launcher
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Skins
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
User's Guides
VC80CRTRedist - 8.0.50727.4053
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 6:18:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
4/9/2011 2:14:43 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
4/9/2011 12:25:33 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:01 PM on 4/8/2011 was unexpected.
4/15/2011 8:41:12 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
4/15/2011 8:38:21 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
4/15/2011 8:38:21 PM, Error: Service Control Manager [7000] - The Andrea ST Filters Service service failed to start due to the following error: The system cannot find the file specified.
4/15/2011 7:22:08 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/15/2011 7:22:08 PM, Error: volmgr [46] - Crash dump initialization failed!
4/15/2011 6:51:13 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
4/15/2011 6:51:07 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/15/2011 4:07:36 PM, Error: EventLog [6008] - The previous system shutdown at 2:36:49 AM on 4/15/2011 was unexpected.
4/15/2011 12:59:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
4/15/2011 12:59:16 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2011 12:56:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
4/15/2011 12:54:18 AM, Error: Service Control Manager [7022] - The McAfee McShield service hung on starting.
4/15/2011 12:53:38 AM, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
4/15/2011 11:51:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/15/2011 11:50:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/15/2011 11:50:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 mfehidk nipplpt2 spldr Wanarpv6
4/15/2011 11:50:36 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2011 11:50:36 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2011 11:50:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2011 11:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/15/2011 11:50:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/15/2011 11:49:39 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
4/15/2011 11:49:13 PM, Error: EventLog [6008] - The previous system shutdown at 11:44:33 PM on 4/15/2011 was unexpected.
4/15/2011 11:38:12 PM, Error: EventLog [6008] - The previous system shutdown at 11:32:55 PM on 4/15/2011 was unexpected.
4/15/2011 1:11:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.
4/15/2011 1:11:04 AM, Error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2011 1:07:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
4/15/2011 1:07:41 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2011 1:06:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/15/2011 1:06:03 AM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
4/15/2011 1:06:03 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/14/2011 7:55:18 PM, Error: EventLog [6008] - The previous system shutdown at 7:51:57 PM on 4/14/2011 was unexpected.
4/14/2011 12:17:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 140.141.209.253 with the system having network hardware address 38-E7-D8-A8-B4-87. Network operations on this system may be disrupted as a result.
4/14/2011 12:08:59 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).
4/14/2011 12:02:40 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E4CC63C30. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/14/2011 10:02:28 PM, Error: EventLog [6008] - The previous system shutdown at 8:13:19 PM on 4/14/2011 was unexpected.
4/14/2011 1:39:37 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
4/14/2011 1:07:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
4/14/2011 1:07:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
4/14/2011 1:07:28 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2011 9:36:22 PM, Error: EventLog [6008] - The previous system shutdown at 9:33:02 PM on 4/13/2011 was unexpected.
4/13/2011 9:32:39 PM, Error: EventLog [6008] - The previous system shutdown at 8:07:07 PM on 4/13/2011 was unexpected.
4/13/2011 6:53:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
4/13/2011 5:54:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.
4/13/2011 5:54:28 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2011 5:40:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG Firewall service to connect.
4/13/2011 5:40:46 PM, Error: Service Control Manager [7000] - The AVG Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2011 5:29:39 PM, Error: EventLog [6008] - The previous system shutdown at 5:07:09 PM on 4/13/2011 was unexpected.
4/12/2011 4:33:56 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 15 time(s).
4/12/2011 3:59:45 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 14 time(s).
4/12/2011 3:45:21 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 13 time(s).
4/11/2011 12:20:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
4/11/2011 1:27:48 AM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 12 time(s).
4/11/2011 1:00:32 AM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 11 time(s).
4/10/2011 9:06:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
4/10/2011 7:59:53 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 10 time(s).
4/10/2011 7:48:11 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 9 time(s).
4/10/2011 7:29:58 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 8 time(s).
4/10/2011 5:44:59 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 7 time(s).
4/10/2011 5:35:46 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).
4/10/2011 4:43:54 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s).
4/10/2011 3:40:49 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s).
4/10/2011 3:31:52 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s).
4/10/2011 2:51:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
4/10/2011 2:51:24 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
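A triage sketch for the Event Viewer section of a DDS log like the one above, added here as an example; it is not part of the original thread and not part of DDS. The category names and their severity ordering are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the Event Viewer section of the log above (DDS layout).
SAMPLE = """\
.
==== Event Viewer Messages From Past Week ========
.
4/15/2011 7:22:08 PM, Error: volmgr [46] - Crash dump initialization failed!
4/15/2011 6:51:13 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
4/15/2011 6:51:07 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/15/2011 4:07:36 PM, Error: EventLog [6008] - The previous system shutdown at 2:36:49 AM on 4/15/2011 was unexpected.
4/15/2011 12:53:38 AM, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
4/15/2011 11:51:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/15/2011 1:06:03 AM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 7:55:18 PM, Error: EventLog [6008] - The previous system shutdown at 7:51:57 PM on 4/14/2011 was unexpected.
4/12/2011 4:33:56 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 15 time(s).
"""

# "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
VOLUME_RE = re.compile(r"on the volume (.+?)\.$")
CRASH_RE = re.compile(
    r"^The (.+) service terminated unexpectedly\. It has done this (\d+) time\(s\)\.")

SCM = "Service Control Manager"
# (source, event id) -> category. Category names are assumptions of this example.
RULES = {
    ("Ntfs", 55): "filesystem_corruption",
    ("EventLog", 6008): "unexpected_shutdown",
    ("volmgr", 46): "crash_dump_config",
    ("volmgr", 49): "crash_dump_config",
    (SCM, 7026): "driver_load_failure",
    (SCM, 7034): "service_crash",
    (SCM, 7000): "service_start_failure",
    (SCM, 7001): "service_start_failure",
    (SCM, 7009): "service_start_failure",
    (SCM, 7011): "service_start_failure",
    (SCM, 7022): "service_start_failure",
}
# Assumed review order: storage problems first, because a corrupt volume can
# explain hung services and failed scans further down the list.
SEVERITY = ["filesystem_corruption", "unexpected_shutdown", "crash_dump_config",
            "driver_load_failure", "service_crash", "service_start_failure", "other"]


def parse_line(line):
    """Return one event as a dict, or None for separators and headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, level, source, event_id, message = m.groups()
    return {"time": datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"),
            "level": level, "source": source, "id": int(event_id),
            "message": message}


def triage(text):
    counts, shutdowns = Counter(), Counter()
    volumes, crashes = set(), {}
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        cat = RULES.get((ev["source"], ev["id"]), "other")
        counts[cat] += 1
        if cat == "filesystem_corruption":
            m = VOLUME_RE.search(ev["message"])
            if m:
                volumes.add(m.group(1))
        elif cat == "unexpected_shutdown":
            # Keyed by the day the event was logged (the following boot).
            shutdowns[ev["time"].date().isoformat()] += 1
        elif cat == "service_crash":
            m = CRASH_RE.match(ev["message"])
            if m:  # keep the highest crash counter seen per service
                name, n = m.group(1), int(m.group(2))
                crashes[name] = max(crashes.get(name, 0), n)
    return {"counts": counts, "volumes": volumes, "crashes": crashes,
            "shutdowns_per_day": dict(shutdowns),
            "priority": [c for c in SEVERITY if counts[c]]}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for category in report["priority"]:
        print(f"{category:24} {report['counts'][category]}")
    print("volumes flagged by Ntfs [55]:", sorted(report["volumes"]))
    print("service crash counters:", report["crashes"])
```
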
 
Please don't put the logs in quotes. It cuts down on the 'space' for them to display.

Regarding this:
Startup Repair module pops up frequently whenever the computer is rebooted
Startup Repair: frequently asked questions
Startup Repair is a Windows Vista recovery tool that can fix certain problems, such as missing or damaged system files, that might prevent Windows from starting correctly. When you run Startup Repair, it scans your computer for the problem and then tries to fix it so your computer can start correctly.
If you have a Windows Vista installation disc, you need to restart (boot) your computer using the installation disc. If you do not restart your computer from the disc, the option to repair your computer will not appear.

Please visit this Microsoft site: How do I use Startup Repair?

That module is coming up for a reason. Please follow the repair directions. When finished, I'll have you rescan to see if there is malware present.

You should remove one of the 2 AV (AVG and McAfee) programs running.

Java needs to be updated: Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Edit: I see quite a few entries that need to be removed. I also note an excess of processes running. This, along with the 2 security suites from AVG and McAfee will account for much of the slow speed. Once we get the system stable, we can address these.
 
I'm sorry, I wasn't being very clear when I last posted. The Startup Repair module came on whenever we tried to access the computer in Normal mode (whenever the computer is booted normally, it completely freezes with a black screen). Safe Mode is the only available way to run the computer (whenever it's booted in Safe Mode it loads correctly and promptly). The scans I posted earlier were done after Startup Repair had run.

I tried removing McAfee but a Windows Installer error keeps appearing, stating that there's a problem with the Windows Installer program. I googled this issue and came across this article here: http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_programs/i-get-error-1721/d1a6bb7f-8639-41e7-a8b1-9dfd16330507. I followed these instructions up until Step 3. I have a log of the System file checker, and it came across some problems that it couldn't repair. I'll post that log as well if it helps.

Also I updated Java. Since I can't uninstall McAfee, should I uninstall AVG? I actually prefer AVG.

Here's the log from the System File Checker tool, I don't know if it's relevant but hopefully it'll show something?? This contains files that could not be repaired from the tool

2011-04-16 15:26:20, Info CSI 000000a3 [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 15:26:23, Info CSI 000000a5 [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 15:37:42, Info CSI 00000129 [SR] Cannot repair member file [l:24{12}]"sqloledb.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-Oledb-SQLServer-Provider-Dll, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 15:50:41, Info CSI 0000012a [SR] Cannot repair member file [l:12{6}]"mf.dll" of Microsoft-Windows-MediaFoundation, Version = 6.0.6002.18392, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:02:07, Info CSI 00000167 [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:02:16, Info CSI 00000169 [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:23:10, Info CSI 00000187 [SR] Cannot repair member file [l:24{12}]"spreview.exe" of Microsoft-Windows-ServicePackCoordinator, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:24:56, Info CSI 00000188 [SR] Cannot repair member file [l:24{12}]"spreview.exe" of Microsoft-Windows-ServicePackCoordinator, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:37:25, Info CSI 000001e9 [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:43:49, Info CSI 000001eb [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:44:23, Info CSI 000001ec [SR] Cannot repair member file [l:24{12}]"spreview.exe" of Microsoft-Windows-ServicePackCoordinator, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:44:49, Info CSI 000001ee [SR] Cannot repair member file [l:22{11}]"typelib.dll" of Microsoft-Windows-COM-LegacyOLE, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-16 16:44:49, Info CSI 000001f4 [SR] Cannot repair member file [l:24{12}]"typeperf.exe" of Microsoft-Windows-PerformanceToolsCommandLine, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
 
Okay here's a brief update. So running the Systems File Checker tool must've done something, because I was now able to remove McAfee from the computer. Java was updated as well. What should I do now? Should I run those tools (Malwarebytes, DDS, etc) again?
 
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

When a helper is assisting you in removing malware from the system, you should not follow directions from another source unless your helper specifically directs you to do it. If you have problems acting on something, I am who you ask for guidance. While I appreciate your efforts to find a remedy yourself, that is discouraged once you are actively getting help.

What were you using to remove McAfee? There are times when the Windows Installer is needed but it doesn't run in Safe Mode. But I did not ask you to run the SFC, nor leave the log. However, since you have now used a tool that can potentially invalidate previous log entries:
Please update and repeat Mbam.
Please repeat DDS.
Try GMER in Safe Mode

===============================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
====================================
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe (icon: cf-icon.jpg) & follow the prompts to run.
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Hi, I just wanted to give an update. My friend's computer was really going slow to the point that it would just hang when it was booting. She also mentioned that the light signals for the hard drive would sometimes not even be on or blinking. So she took it to the student help desk and they discovered she had a lot of bad sectors on her hard drive and it was pretty much on the verge of failure. So they had her order a new hard drive and it should come in by the end of this week.
 
Thank you for the update. A suggestion while your roommate is waiting:

Do an Error Check: Click on My Computer> Right click on Local Drive(C)> Properties> Tools tab> Error Check section> Click on Check now> on the screen that comes up, check 'Automatically fix file system errors'> Check 'Scan for, and attempt recovery of, bad sectors'> Click on OK> Apply> Close the message that comes up> Be sure all active Windows are closed and reboot the computer.

The Error checking will start in a few seconds. It may take a while to finish, but let it run. The computer will reboot when through.

Might help with those bad sectors and/or it might buy some time.
 