Resolved Computer is running very slowly

L

lily1209

Posts: 24   +0
I've been dealing with a slow computer for months and have finally had it. I've opened the task manager and there are 72 processes running. However, many of them are duplicates (e.g., 10 svchost.exe running) and some are using incredible amounts of memory (e.g., TeaTimer.exe: 124,740K). Plus when I open IE it often becomes unresponsive and needs to be shutdown multiple times.

I've run antivirus and malware/spyware programs but have found nothing.

Any help would be great.
Thanks.
 
Hi and welcome to TechSpot forums :).

====

Please read the directions given here and when done, post the requested logs.
Please do not attach the logs unless requested, or unless they are to large to paste.
 
Mbam Log

Thanks for the info. Here are the logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4550

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/5/2010 7:53:39 AM
mbam-log-2010-09-05 (07-53-39).txt

Scan type: Quick scan
Objects scanned: 143057
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
 
GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 09:13:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\GINAMA~1\LOCALS~1\Temp\pgtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 882CDA80 ZwAlertResumeThread
SSDT 88978050 ZwAlertThread
SSDT 881A40A8 ZwAllocateVirtualMemory
SSDT 881BB050 ZwAssignProcessToJobObject
SSDT 89B1AD10 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB54C5210]
SSDT 881EE318 ZwCreateMutant
SSDT 881BDDF0 ZwCreateSymbolicLinkObject
SSDT 881F1098 ZwCreateThread
SSDT 881C1208 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB54C5490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB54C59F0]
SSDT 881A70A0 ZwDuplicateObject
SSDT 88197060 ZwFreeVirtualMemory
SSDT 88244540 ZwImpersonateAnonymousToken
SSDT 88955050 ZwImpersonateThread
SSDT 89B02878 ZwLoadDriver
SSDT 8818E0E0 ZwMapViewOfSection
SSDT 88207050 ZwOpenEvent
SSDT 881EA0E8 ZwOpenProcess
SSDT 88972050 ZwOpenProcessToken
SSDT 88206800 ZwOpenSection
SSDT 881A7170 ZwOpenThread
SSDT 881BDEC0 ZwProtectVirtualMemory
SSDT 88884368 ZwResumeThread
SSDT 88973238 ZwSetContextThread
SSDT 8818C0F0 ZwSetInformationProcess
SSDT 881C6050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB54C5C40]
SSDT 88204050 ZwSuspendProcess
SSDT 882CA380 ZwSuspendThread
SSDT 8926D608 ZwTerminateProcess
SSDT 88255050 ZwTerminateThread
SSDT 8897C330 ZwUnmapViewOfSection
SSDT 88197130 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 256C 80501DA4 8 Bytes CALL D0D83C49
? pkbstpu.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2120] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4d55743
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4d89a4b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4d55743 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4d89a4b (not active ControlSet)

---- EOF - GMER 1.0.15 ----
 
DDS attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2009 9:26:27 PM
System Uptime: 9/5/2010 7:55:20 AM (2 hours ago)

Motherboard: IBM | | 26686CU
Processor: Intel(R) Pentium(R) M processor 2.00GHz | None | 1995/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 32.127 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111A1FD8&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111A1FD8&0&00E0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2915ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4224&SUBSYS_10108086&REV_05\4&AD1B67F&0&10F0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 2915ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4224&SUBSYS_10108086&REV_05\4&AD1B67F&0&10F0
Service: w29n51

==== System Restore Points ===================

RP231: 6/5/2010 6:09:39 AM - Software Distribution Service 3.0
RP232: 6/7/2010 1:24:06 PM - System Checkpoint
RP233: 6/8/2010 3:22:05 PM - System Checkpoint
RP234: 6/9/2010 1:36:02 PM - Software Distribution Service 3.0
RP235: 6/10/2010 3:44:03 PM - System Checkpoint
RP236: 6/11/2010 5:51:54 PM - System Checkpoint
RP237: 6/13/2010 3:25:28 PM - System Checkpoint
RP238: 6/15/2010 8:20:04 AM - System Checkpoint
RP239: 6/16/2010 9:08:02 AM - System Checkpoint
RP240: 6/17/2010 9:24:34 AM - System Checkpoint
RP241: 6/18/2010 8:13:31 PM - System Checkpoint
RP242: 6/20/2010 3:54:59 PM - System Checkpoint
RP243: 6/21/2010 6:24:50 PM - System Checkpoint
RP244: 6/22/2010 4:52:20 PM - Software Distribution Service 3.0
RP245: 6/23/2010 8:14:40 PM - System Checkpoint
RP246: 6/24/2010 8:20:30 PM - System Checkpoint
RP247: 6/28/2010 11:37:29 AM - System Checkpoint
RP248: 6/29/2010 5:22:00 PM - System Checkpoint
RP249: 6/30/2010 5:51:42 PM - System Checkpoint
RP250: 7/1/2010 6:00:46 PM - System Checkpoint
RP251: 7/4/2010 11:12:24 AM - System Checkpoint
RP252: 7/5/2010 6:41:41 PM - System Checkpoint
RP253: 7/7/2010 7:48:46 AM - System Checkpoint
RP254: 7/8/2010 8:44:57 AM - System Checkpoint
RP255: 7/9/2010 3:38:59 PM - System Checkpoint
RP256: 7/12/2010 6:45:17 PM - System Checkpoint
RP257: 7/14/2010 9:28:47 AM - System Checkpoint
RP258: 7/14/2010 1:04:38 PM - Software Distribution Service 3.0
RP259: 7/15/2010 1:16:46 PM - System Checkpoint
RP260: 7/16/2010 2:15:05 PM - System Checkpoint
RP261: 7/17/2010 5:05:23 PM - System Checkpoint
RP262: 7/19/2010 3:06:03 PM - System Checkpoint
RP263: 7/21/2010 3:34:43 PM - System Checkpoint
RP264: 7/22/2010 5:51:36 PM - System Checkpoint
RP265: 7/23/2010 9:20:08 PM - System Checkpoint
RP266: 7/27/2010 8:20:41 AM - System Checkpoint
RP267: 7/28/2010 8:21:11 AM - System Checkpoint
RP268: 7/29/2010 8:28:34 AM - System Checkpoint
RP269: 7/30/2010 11:08:20 AM - System Checkpoint
RP270: 8/1/2010 8:25:35 AM - System Checkpoint
RP271: 8/2/2010 10:58:59 AM - System Checkpoint
RP272: 8/3/2010 7:17:34 AM - Software Distribution Service 3.0
RP273: 8/4/2010 8:11:08 AM - System Checkpoint
RP274: 8/5/2010 8:19:45 AM - System Checkpoint
RP275: 8/6/2010 9:20:54 AM - System Checkpoint
RP276: 8/14/2010 1:59:46 PM - Software Distribution Service 3.0
RP277: 8/16/2010 12:59:18 PM - System Checkpoint
RP278: 8/17/2010 4:39:34 PM - System Checkpoint
RP279: 8/18/2010 5:16:59 PM - System Checkpoint
RP280: 8/19/2010 5:26:58 PM - System Checkpoint
RP281: 8/22/2010 10:43:53 AM - System Checkpoint
RP282: 8/23/2010 12:47:06 PM - System Checkpoint
RP283: 8/25/2010 4:04:24 PM - System Checkpoint
RP284: 8/26/2010 4:17:39 PM - System Checkpoint
RP285: 8/29/2010 12:01:04 PM - System Checkpoint
RP286: 8/30/2010 1:10:17 PM - System Checkpoint
RP287: 9/1/2010 8:18:37 AM - System Checkpoint
RP288: 9/2/2010 9:18:37 AM - System Checkpoint
RP289: 9/3/2010 7:00:19 AM - Software Distribution Service 3.0

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-Branding
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
Chinese Simplified Fonts Support For Adobe Reader 9
Compatibility Pack for the 2007 Office system
Cozi Central
D-Link DWA-130 Wireless N USB Adapter
File-Mate 1500 (1.5.5)
FreeRIP v3.40
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 3320 series (Remove only)
IBM Lotus Symphony
Intel(R) PROSet/Wireless WiFi Software
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Security Suite
OGA Notifier 2.0.0048.0
PC-Doctor 5 for Windows
Picasa 3
QuickBooks
QuickBooks Pro 2010
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skins
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Requirements Lab for Intel
System Update
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad Integrated 56K Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage Fingerprint Software 5.8
upapp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
WordWeb

==== Event Viewer Messages From Past Week ========

9/5/2010 7:57:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/5/2010 7:56:23 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/5/2010 7:24:05 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:04 AM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2010 7:24:03 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:03 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:03 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:03 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:03 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:03 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2010 7:24:03 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/31/2010 8:39:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
8/31/2010 12:42:13 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0018E7C33DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/30/2010 12:43:07 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer MURRAYWORK using any of the configured protocols.
8/29/2010 6:25:17 PM, error: ati2mtag [43034] - Unknown EDID version

==== End Of File ===========================
 
dds log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gina M Aguayo at 9:16:52.00 on Sun 09/05/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1062 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Gina M Aguayo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SODCPreLoad] c:\program files\ibm\lotus\symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe c:\docume~1\ginama~1\ibm\lotus\symphony\.sodc\
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
StartupFolder: c:\docume~1\ginama~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\ginama~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266803557031
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli psqlpwd ACGina
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-18 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-6-24 12560]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-5-5 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-30 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100903.003\IDSXpx86.sys [2010-9-4 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100904.003\NAVENG.SYS [2010-9-5 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100904.003\NAVEX15.SYS [2010-9-5 1362608]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-5-5 588032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2010-5-5 167936]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-2 40552]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2009-11-24 222720]
S3 PCX500MP;Cisco 350 Series Lower Device Filter;c:\windows\system32\drivers\pcx500mp.sys [2002-8-5 4990]

=============== Created Last 30 ================

2010-09-05 11:40:14 0 d-----w- c:\docume~1\ginama~1\applic~1\Malwarebytes
2010-09-05 11:40:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 11:40:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-05 11:40:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-05 11:40:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 22:37:31 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-08-29 22:37:26 0 d-----w- c:\program files\Security Task Manager
2010-08-16 12:05:49 3246 ----a-w- c:\windows\system32\wbem\Outlook_01cb3d3b5d721134.mof

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 9:17:30.09 ===============
 
Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
combo fix log

Thank you so much for your help. Here's the log:

ComboFix 10-09-04.06 - Gina M Aguayo 09/05/2010 10:06:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1310 [GMT -4:00]
Running from: c:\documents and settings\Gina M Aguayo\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 11:40 . 2010-09-05 11:40 -------- d-----w- c:\documents and settings\Gina M Aguayo\Application Data\Malwarebytes
2010-09-05 11:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 11:40 . 2010-09-05 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-05 11:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-05 11:40 . 2010-09-05 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 22:38 . 2010-08-29 22:38 -------- d-----w- c:\documents and settings\Gina M Aguayo\Local Settings\Application Data\Help
2010-08-13 15:17 . 2010-08-13 15:17 503808 ----a-w- c:\documents and settings\Gina M Aguayo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24a01213-n\msvcp71.dll
2010-08-13 15:17 . 2010-08-13 15:17 499712 ----a-w- c:\documents and settings\Gina M Aguayo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24a01213-n\jmc.dll
2010-08-13 15:17 . 2010-08-13 15:17 348160 ----a-w- c:\documents and settings\Gina M Aguayo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24a01213-n\msvcr71.dll
2010-08-13 15:17 . 2010-08-13 15:17 61440 ----a-w- c:\documents and settings\Gina M Aguayo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-404ca986-n\decora-sse.dll
2010-08-13 15:17 . 2010-08-13 15:17 12800 ----a-w- c:\documents and settings\Gina M Aguayo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-404ca986-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 10:42 . 2010-02-27 16:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-30 21:12 . 2009-11-25 20:08 8174 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\qbbackup.sys
2010-08-29 22:38 . 2010-08-29 22:37 -------- d-----w- c:\program files\Security Task Manager
2010-08-14 17:59 . 2010-03-20 19:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 14:56 . 2010-07-22 14:56 -------- d-----w- c:\program files\IrfanView
2010-07-02 17:02 . 2009-11-25 20:28 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2010-07-02 17:02 . 2009-11-25 20:28 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2010-07-02 17:02 . 2009-11-25 20:28 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2010-07-02 17:02 . 2009-11-25 20:28 267568 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2010-07-02 17:02 . 2009-11-25 20:28 791856 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2010-07-02 17:02 . 2009-11-25 20:28 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2010-07-02 17:02 . 2009-11-25 20:28 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2010-07-02 17:02 . 2009-11-25 20:28 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2010-07-02 17:02 . 2009-11-25 20:28 2184496 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2010-07-02 17:02 . 2009-11-25 20:28 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2010-07-02 17:02 . 2009-11-25 20:28 856880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\dblgen11.dll
2010-07-02 17:02 . 2009-11-25 20:28 1372424 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-06-30 12:31 . 2008-12-13 15:47 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2008-12-13 15:47 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-12-13 15:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-12-13 15:47 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2008-12-13 15:47 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 21:13 . 2010-06-22 21:13 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1B.tmp.exe
2010-06-21 15:27 . 2008-12-13 15:47 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-12-13 15:47 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-12-13 16:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-12-13 15:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 12:38 . 2009-12-30 17:44 975136 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
2010-06-10 12:38 . 2009-11-25 20:24 44832 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-06 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe" [2008-12-13 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-06 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-06-25 49928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

c:\documents and settings\Gina M Aguayo\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-7-16 42168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-13 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2010-5-5 505152]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-25 01:31 95496 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200810171336\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\File-Mate\\FM1500\\File-Mate 1500.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [6/1/2010 4:09 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [6/1/2010 4:09 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/18/2010 6:13 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [6/1/2010 4:09 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [6/1/2010 4:09 PM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 4:09 PM 126392]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 9:07 PM 12560]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [5/5/2010 1:44 PM 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2010 8:50 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100903.003\IDSXpx86.sys [9/4/2010 8:23 AM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:57 PM 135664]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [5/5/2010 1:44 PM 167936]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [11/24/2009 11:27 AM 222720]
S3 PCX500MP;Cisco 350 Series Lower Device Filter;c:\windows\system32\drivers\pcx500mp.sys [8/5/2002 3:46 PM 4990]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/5/2010 1:43 PM 588032]
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:57]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:57]

2010-09-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 10:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\tvt_gina.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\program files\ThinkPad\ConnectUtilities\Res\US\ACGinaRes.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll

- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\rundll32.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-09-05 10:26:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 14:26

Pre-Run: 34,358,669,312 bytes free
Post-Run: 34,259,382,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - ECE564C8DAE998FF891BC3BC211F5DE3
 
How do I finish this?

I started this process to get my computer back. Any chance someone could let me know if I need to do anything else?

I'm still having trouble opening IE after I reboot.
 
How long have you had Norton on your pc? It is known to hog system resources and slow things down.
It is normal to have multiple svchosts running too.

==

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
I've had Norton for about a year. it hasn't slowed things down too bad.

Here's the ESET log:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=807ea227bbfccf4c87e7f66dd03b1757
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-06 06:54:20
# local_time=2010-09-06 02:54:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 37923487 37923487 0 0
# compatibility_mode=3584 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67633
# found=0
# cleaned=0
# scan_time=1976
 
Nothing there.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

=====

Please download Rootkit Revealer
Unzip it to your desktop.
Open the RootkitRevealer folder and double-click RootkitRevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go to File > Save. Choose to save the log to your desktop.
Open rootkitrevealer.txt
on your desktop and copy the entire contents and paste them here
Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.
 
Extras.txt

OTL Extras logfile created on: 9/7/2010 6:49:28 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Gina M Aguayo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.88 Gb Total Space | 31.64 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINALT
Current User Name: Gina M Aguayo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe" = C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe:*:Enabled:Lotus Symphony -- (IBM)
"C:\Program Files\File-Mate\FM1500\File-Mate 1500.exe" = C:\Program Files\File-Mate\FM1500\File-Mate 1500.exe:*:Enabled:FileMaker Pro Runtime -- (FileMaker, Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059AE497-59F8-D7B5-1DAA-FCF4BC1B7C58}" = Catalyst Control Center Localization Chinese Traditional
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{11169D60-471D-AAC1-A727-51FC104223CB}" = CCC Help Italian
"{163FC91B-DA1C-9DAA-0184-344B91C3E7FE}" = CCC Help German
"{1656575C-F009-CFA2-4685-055318C707E3}" = Catalyst Control Center Localization Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24F90735-7DE4-7A27-3964-C90B4D9F67B8}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2CDF078C-6D1C-B243-9620-BF85F35E28DD}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{378002DD-C967-EF30-E337-61E67942F68E}" = Catalyst Control Center Graphics Full Existing
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B51ECD5-C2D1-7CFE-C88A-880BF38C7889}" = CCC Help Spanish
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{50CFCD01-A327-5D4B-012A-4D89353DA130}" = Catalyst Control Center Localization Dutch
"{538FDA9C-DD91-2E2F-6F25-D42081EDF7F1}" = CCC Help Chinese Traditional
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D32481F-53C1-F104-9FEF-5BFC4754D92F}" = Catalyst Control Center Localization Portuguese
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6dde8b21-0510-4cfd-92db-cac94e4e4d0a}" = IBM Lotus Symphony
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link DWA-130 Wireless N USB Adapter
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7379FDD1-D0ED-4FF2-B168-E246772E731E}" = ccc-Branding
"{74FF7A9D-4E55-3229-52A7-134F766A3716}" = Catalyst Control Center Localization Chinese Standard
"{7E48FF00-7536-22BA-3E9A-6FD01767443F}" = Catalyst Control Center Core Implementation
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{833CEF67-C0D7-0AA3-B74B-E52ADD3CE6B6}" = CCC Help Portuguese
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89FC04CE-C79E-BF2A-5573-314C3C0217DA}" = CCC Help Japanese
"{8BCB35EE-A631-7B05-B298-CF1486CBFF5E}" = Skins
"{8C8643DD-0D2B-E72B-5F98-4092778D3526}" = Catalyst Control Center Localization French
"{8F3E0B73-FFEA-9C0A-D511-16853C9A1FB6}" = Catalyst Control Center Localization Spanish
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9AFFA0-5758-68E3-BA5A-109DF60D72F7}" = CCC Help Korean
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E63A58-18FE-8831-BB9E-242515A18820}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi Software
"{B13A120F-D46D-9F48-2E23-D4669281EC03}" = Catalyst Control Center Graphics Full New
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B279DA2D-982B-1304-896C-E404378538AB}" = CCC Help Dutch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6669941-2CCC-5267-13C5-2C9F8388515E}" = Catalyst Control Center Localization Italian
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BE0B22AB-B352-7531-DEA9-7C82F1716454}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197A4E3-3897-AC35-38DA-EA226CA998BE}" = Catalyst Control Center Localization German
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC6F8E02-185E-D81E-D286-B16C99D7D010}" = CCC Help French
"{EC67B83A-316C-FA07-D458-A7CE32640F34}" = Catalyst Control Center Localization Korean
"{EDD030C6-0CBD-E188-ED6C-1A05AE6E7B77}" = ccc-core-preinstall
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F3285A15-1837-F47D-594B-DB1FEA898388}" = CCC Help Chinese Standard
"{F3302177-39F9-3E21-9C17-730E516445AD}" = CCC Help Swedish
"{F34FB75D-D496-C946-24CC-DE0A77536429}" = Catalyst Control Center Localization Japanese
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"Adobe AIR" = Adobe AIR
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"Cozi Central" = Cozi Central
"ESET Online Scanner" = ESET Online Scanner v3
"File-Mate 1500 (HCFA)_is1" = File-Mate 1500 (1.5.5)
"hp deskjet 3320 series" = hp deskjet 3320 series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2010 10:09:24 AM | Computer Name = GINALT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCKED> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/5/2010 10:09:24 AM | Computer Name = GINALT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCKED> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/5/2010 10:09:24 AM | Computer Name = GINALT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\NCMD.CFXXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/5/2010 10:10:00 AM | Computer Name = GINALT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\TEMP3700> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/5/2010 10:10:03 AM | Computer Name = GINALT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\TEMP4505> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/5/2010 10:30:14 AM | Computer Name = GINALT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/5/2010 1:32:53 PM | Computer Name = GINALT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/6/2010 12:09:30 PM | Computer Name = GINALT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/6/2010 12:09:30 PM | Computer Name = GINALT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/7/2010 6:42:01 AM | Computer Name = GINALT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/5/2010 7:56:23 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 7:56:23 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 7:56:23 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 7:57:03 AM | Computer Name = GINALT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 9/5/2010 10:15:03 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 10:15:03 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 10:15:03 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 10:15:03 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 10:15:03 AM | Computer Name = GINALT | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 9/5/2010 11:55:30 AM | Computer Name = GINALT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.


< End of report >
 
OTL log too long

OTL logfile created on: 9/7/2010 6:49:28 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Gina M Aguayo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.88 Gb Total Space | 31.64 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINALT
Current User Name: Gina M Aguayo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/07 06:47:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
PRC - [2010/03/01 13:18:44 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/03/01 13:18:42 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/03/01 13:18:40 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/03/01 13:18:38 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/03/01 12:17:34 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2009/09/05 22:31:49 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/05 22:31:48 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/09/03 03:48:44 | 001,153,824 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/03 02:09:42 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/12/13 13:59:44 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/08 19:37:04 | 000,041,248 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/07/11 00:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/11 00:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/11 00:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/10/14 13:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/07/27 20:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/29 07:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/11/03 18:56:41 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/09/07 06:47:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/08/21 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/01 13:18:40 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 13:18:38 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2009/09/03 02:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)
SRV - [2008/08/08 19:37:04 | 000,041,248 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/07/11 00:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/11 00:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/11 00:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/08/09 21:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 08:53:30 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100906.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 08:53:29 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100906.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100903.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 07:12:35 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 07:12:35 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/12 14:21:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/10/06 10:47:36 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/08 19:36:26 | 000,023,720 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/06/24 21:07:58 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/18 19:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 20:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 07:45:38 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/01/07 18:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/06/21 17:26:20 | 002,156,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/05/02 07:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/10 01:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2003/02/14 17:09:50 | 000,222,720 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx500.sys -- (PCX500)
DRV - [2002/08/05 15:46:16 | 000,004,990 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx500mp.sys -- (PCX500MP)
 
OTL log Part II

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/02 10:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/12 14:23:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/05 10:18:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O4 - Startup: C:\Documents and Settings\Gina M Aguayo\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1266803557031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/13 13:01:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/07 06:47:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
[2010/09/06 14:20:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/06 12:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/05 10:05:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/05 10:02:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/05 10:02:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/05 10:02:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/05 10:02:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/05 10:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 10:01:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/05 07:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Malwarebytes
[2010/09/05 07:40:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/05 07:40:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/05 07:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/05 07:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/05 07:37:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gina M Aguayo\Desktop\mbam-setup-1.46.exe
[2010/09/05 07:22:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\TFC.exe
[2010/08/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Local Settings\Application Data\Help
[2010/08/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Help
[2010/08/29 18:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/08/29 18:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/22 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView

========== Files - Modified Within 90 Days ==========

[2010/09/07 06:47:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
[2010/09/06 15:14:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/05 10:21:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/05 10:18:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/05 10:17:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 10:17:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/05 10:17:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/05 10:14:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 10:14:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 10:13:44 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Gina M Aguayo\NTUSER.DAT
[2010/09/05 10:13:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gina M Aguayo\ntuser.ini
[2010/09/05 10:05:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/05 10:00:51 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Gina M Aguayo\Desktop\ComboFix.exe
[2010/09/05 08:05:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Gina M Aguayo\Desktop\gmer.exe
[2010/09/05 07:37:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gina M Aguayo\Desktop\mbam-setup-1.46.exe
[2010/09/05 07:22:43 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\TFC.exe
[2010/08/31 13:27:05 | 000,000,518 | ---- | M] () -- C:\hpfr3320.xml
[2010/08/16 08:05:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Gina M Aguayo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/16 08:05:49 | 000,465,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/16 08:05:49 | 000,079,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/16 08:05:48 | 000,552,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/14 14:42:10 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 14:19:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/14 14:18:19 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/14 13:59:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
 
OTL Log Part III

========== Files Created - No Company Name ==========

[2010/09/05 10:05:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/05 10:05:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/05 10:02:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/05 10:02:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/05 10:02:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/05 10:02:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/05 10:02:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/05 10:00:44 | 003,837,097 | R--- | C] () -- C:\Documents and Settings\Gina M Aguayo\Desktop\ComboFix.exe
[2010/09/05 08:05:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Desktop\gmer.exe
[2010/06/06 16:48:33 | 000,000,396 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/06 16:47:15 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/12 14:11:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Local Settings\Application Data\fusioncache.dat
[2010/05/05 13:44:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2010/05/05 13:44:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/04/15 07:23:23 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/04/15 07:23:22 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/04/15 07:23:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/11/25 15:46:13 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/31 14:53:26 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/23 11:42:41 | 000,027,218 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Application Data\Personal Address Book.ADR
[2009/06/22 17:32:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/13 14:10:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/13 14:10:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/13 14:10:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/13 14:10:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/13 14:10:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/13 14:10:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/13 14:09:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/13 13:56:37 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/12/13 11:59:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/13 11:47:42 | 000,000,210 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/01/26 16:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 12:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll

========== LOP Check ==========

[2009/11/25 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/04 11:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cozi
[2010/05/05 13:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2010/06/06 16:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/11/25 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/05 22:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/29 18:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/11/25 15:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/01/02 18:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/13 13:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/08/04 11:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Cozi
[2009/09/04 10:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\fhnetwork.com
[2009/08/21 21:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\InterVideo
[2009/07/16 08:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\net.dacons.filefire advanced
[2010/02/21 22:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Windows Desktop Search
[2010/02/24 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Windows Search
[2010/09/05 10:17:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/21 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/08/21 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/08/21 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/08/21 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/08/21 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/08/21 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/08/21 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/08/21 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/08/21 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/08/21 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/08/21 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/08/21 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/13 04:52:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/13 04:52:57 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/13 04:52:57 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
 
I've run RootkitRevealer twice but I can't save the log file. Each time I try to save it, I get an error message for the desktop and then the program becomes unresponisve. Should I run it again and see if I can get a screen shot of the report?
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :Commands
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

==

Instead of rootkitrevealer, try the following:

Download and Save Blacklight to your desktop:

Double-click on the file, then accept the agreement. Hit the scan button and wait until it's finished running.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
 
OTL log after run fix

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User

User: Gina M Aguayo
->Flash cache emptied: 27972 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gina M Aguayo
->Temp folder emptied: 1297088 bytes
->Temporary Internet Files folder emptied: 124681458 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17093 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2548 bytes

Total Files Cleaned = 120.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.11.0 log created on 09082010_135325

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c4.dat not found!

Registry entries deleted on Reboot...
 
OTL log quick scan

OTL logfile created on: 9/8/2010 2:10:47 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Gina M Aguayo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.88 Gb Total Space | 32.17 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINALT
Current User Name: Gina M Aguayo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/07 06:47:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
PRC - [2010/03/01 13:18:44 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/03/01 13:18:42 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/03/01 13:18:40 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/03/01 13:18:38 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/03/01 12:17:34 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2009/09/05 22:31:49 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/05 22:31:48 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/09/03 03:48:44 | 001,153,824 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/03 02:09:42 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/13 13:59:44 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/08 19:37:04 | 000,041,248 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/07/11 00:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/11 00:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/11 00:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/10/14 13:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/07/27 20:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/29 07:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/11/03 18:56:41 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/09/07 06:47:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/08/21 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\GINAMA~1\LOCALS~1\Temp\PJM.exe -- (PJM)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\GINAMA~1\LOCALS~1\Temp\LSPJOUGLFQGVZT.exe -- (LSPJOUGLFQGVZT)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\GINAMA~1\LOCALS~1\Temp\HQXSZOD.exe -- (HQXSZOD)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/01 13:18:40 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 13:18:38 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2009/09/03 02:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)
SRV - [2008/08/08 19:37:04 | 000,041,248 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/07/11 00:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/11 00:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/11 00:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/08/09 21:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 08:53:30 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100907.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 08:53:29 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100907.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100906.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 07:12:35 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 07:12:35 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/12 14:21:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/10/06 10:47:36 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/08 19:36:26 | 000,023,720 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/06/24 21:07:58 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/18 19:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 20:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 07:45:38 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/01/07 18:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/06/21 17:26:20 | 002,156,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/05/02 07:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/10 01:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2003/02/14 17:09:50 | 000,222,720 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx500.sys -- (PCX500)
DRV - [2002/08/05 15:46:16 | 000,004,990 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx500mp.sys -- (PCX500MP)
 
Part II

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/02 10:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/12 14:23:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/08 13:54:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O4 - Startup: C:\Documents and Settings\Gina M Aguayo\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1266803557031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/13 13:01:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/08 13:53:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/08 13:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Desktop\Computer fix
[2010/09/07 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Desktop\RootkitRevealer
[2010/09/07 06:47:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
[2010/09/06 14:20:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/06 12:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/05 10:05:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/05 10:02:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/05 10:02:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/05 10:02:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/05 10:02:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/05 10:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 10:01:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/05 07:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Malwarebytes
[2010/09/05 07:40:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/05 07:40:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/05 07:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/05 07:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Local Settings\Application Data\Help
[2010/08/29 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Help
[2010/08/29 18:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/08/29 18:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/22 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView

========== Files - Modified Within 90 Days ==========

[2010/09/08 14:14:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 13:58:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/08 13:58:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/08 13:58:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 13:57:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 13:57:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 13:56:04 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Gina M Aguayo\NTUSER.DAT
[2010/09/08 13:55:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gina M Aguayo\ntuser.ini
[2010/09/08 13:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/07 06:47:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gina M Aguayo\Desktop\OTL.exe
[2010/09/05 10:21:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/05 10:05:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/05 10:00:51 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Gina M Aguayo\Desktop\ComboFix.exe
[2010/08/31 13:27:05 | 000,000,518 | ---- | M] () -- C:\hpfr3320.xml
[2010/08/16 08:05:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Gina M Aguayo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/16 08:05:49 | 000,465,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/16 08:05:49 | 000,079,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/16 08:05:48 | 000,552,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/14 14:42:10 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 14:19:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/14 14:18:19 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/14 13:59:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/09/05 10:05:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/05 10:05:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/05 10:02:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/05 10:02:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/05 10:02:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/05 10:02:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/05 10:02:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/05 10:00:44 | 003,837,097 | R--- | C] () -- C:\Documents and Settings\Gina M Aguayo\Desktop\ComboFix.exe
[2010/06/06 16:48:33 | 000,000,396 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/06 16:47:15 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/12 14:11:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Local Settings\Application Data\fusioncache.dat
[2010/05/05 13:44:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2010/05/05 13:44:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/04/15 07:23:23 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/04/15 07:23:22 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/04/15 07:23:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/11/25 15:46:13 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/31 14:53:26 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/23 11:42:41 | 000,027,218 | ---- | C] () -- C:\Documents and Settings\Gina M Aguayo\Application Data\Personal Address Book.ADR
[2009/06/22 17:32:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/13 14:10:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/13 14:10:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/13 14:10:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/13 14:10:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/13 14:10:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/13 14:10:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/13 14:09:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/13 13:56:37 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/12/13 11:59:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/13 11:47:42 | 000,000,210 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/01/26 16:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 12:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll

========== LOP Check ==========

[2009/11/25 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/04 11:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cozi
[2010/05/05 13:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2010/06/06 16:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/11/25 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/05 22:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/29 18:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/11/25 15:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/01/02 18:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/13 13:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/08/04 11:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Cozi
[2009/09/04 10:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\fhnetwork.com
[2009/08/21 21:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\InterVideo
[2009/07/16 08:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\net.dacons.filefire advanced
[2010/02/21 22:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Windows Desktop Search
[2010/02/24 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina M Aguayo\Application Data\Windows Search
[2010/09/08 13:58:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
 
Thank you so much for what you've been able to do so far. Things are running much faster and more smoothly than they have in months!
 
Go to Start | Run and type in msconfig and hit OK. Select the Startup Tab.
Uncheck any/all of the following entries:
BluetoothAuthenticationAgent
Google Quick Search Box
HPDJ Taskbar Utility
Intuit SyncManager
ISUSPM Startup
ISUSScheduler
SoundMAXPnP
StartCCC
TVT Scheduler Proxy
SODCPreLoad
swg]
(BVRP Software)
(Intuit Inc.)
(Microsoft Corporation)
(Antony Lewis)

Apply the settings then OK out and restart the pc.

Those programs can still be used, they will not be starting with Windows though.

Let me know if that makes a difference.
 

Similar threads

Cal Jeffrey
Doom defies the impossible by running in TypeScript's type system
Replies
4
Views
141
Cal Jeffrey
Cal Jeffrey
Julio Franco
We're getting closer to having practical quantum computers - here's what they will be used for
Replies
11
Views
264
jeffbert
J
Bob O'Donnell
Samsung cracks the AI puzzle with Galaxy S25, finally
Replies
13
Views
412
JupitersMoon
JupitersMoon

Latest posts

Back