acer aspire one D150 netbook freezing [Archive]

View Full Version : acer aspire one D150 netbook freezing

stoneshaper

2012-07-13, 06:34

I am trying to help a friend. Her Aspire One D150 locks up any time it is run in normal mode. Does not freeze in safe mode. I tried disabling most start-up services but it didn't help. Seems to happen about the time everything gets loaded and running. At first cursor will still move but has no effect then it too freezes. McAfee says it is unprotected but computer freezes before it can scan.
I will use home computer to download programs to flash drive and if possible install in safe mode on the Aspire. I can do a few things after boot up in normal mode if its quick.
There are no piracy issues and she has installed very little third party programs.
Thank you for the work you people are doing.
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Donna at 22:21:17 on 2012-07-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.642 [GMT -5:00]
.
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer eRecovery Management\NotificationLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Donna\LOCALS~1\Temp\RtkBtMnt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [NotificationCenterLauncher] c:\program files\acer\acer erecovery management\NotificationLauncher.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\donna\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342060240328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342060232390
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{0B4845B2-0B34-45AB-8C0C-FF69AE4AB09C} : DhcpNameServer = 192.168.10.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-16 144704]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-16 95200]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-16 359952]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-16 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-16 35272]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-16 24064]
S3 iscFlash;iscFlash;\??\c:\docume~1\donna\locals~1\temp\7zsf.tmp\iscflash.sys --> c:\docume~1\donna\locals~1\temp\7zsf.tmp\iscflash.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-16 40552]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-16 606736]
.
=============== Created Last 30 ================
.
2012-07-13 02:16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-13 02:16:19 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-12 03:22:35 -------- d-sh--w- C:\found.000
2012-07-12 02:30:56 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-11 04:07:03 98816 ----a-w- c:\windows\sed.exe
2012-07-11 04:07:03 518144 ----a-w- c:\windows\SWREG.exe
2012-07-11 04:07:03 256000 ----a-w- c:\windows\PEV.exe
2012-07-11 04:07:03 208896 ----a-w- c:\windows\MBR.exe
2012-07-11 04:06:38 -------- d-----w- C:\ComboFix
2012-07-10 04:34:20 -------- d-----w- c:\documents and settings\donna\application data\Malwarebytes
2012-07-10 04:34:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-10 04:34:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 04:34:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-10 04:03:47 -------- d-----w- c:\program files\trend micro
2012-07-10 04:02:44 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-07-10 03:13:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-10 03:13:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-10 03:12:46 -------- d-----w- C:\0160a5cb8768dca4f6eb
2012-07-10 03:10:51 -------- d-----w- c:\program files\McAfee.com
2012-07-10 03:10:36 -------- d-----w- c:\program files\common files\McAfee
2012-07-10 01:04:51 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-07-10 01:04:44 -------- d-----w- c:\documents and settings\donna\local settings\application data\AVG Secure Search
2012-07-10 01:03:40 -------- d-----w- c:\documents and settings\donna\application data\AVG Secure Search
2012-07-10 01:03:34 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-10 01:03:33 -------- d-----w- c:\program files\AVG Secure Search
2012-07-10 01:02:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-10 01:02:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-07-10 01:02:55 -------- d-----w- C:\$AVG
2012-07-10 01:02:22 -------- d-----w- c:\program files\AVG
2012-07-10 00:51:51 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-07-10 00:51:51 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2012-07-10 00:13:45 -------- d-----w- C:\a5e8f45f25baa017afcc3d7dd8ec
2012-07-10 00:08:05 -------- d-----w- c:\windows\pss
2012-07-09 23:43:48 -------- d-----w- C:\695a62174b17b3390824
2012-07-04 13:04:46 -------- d-----w- C:\3d296386f402c8162e5272ed064d
2012-07-03 22:21:48 -------- d-----w- C:\f4e35f02c6426828dad9677121
2012-06-30 00:12:21 -------- d-----w- C:\134376ae0be880e80e68ae46
2012-06-29 00:15:47 -------- d-----w- C:\2f7b001c55cc6fa8b7733983316818eb
2012-06-28 08:56:15 -------- d-----w- C:\a8a8a57d4683992534
2012-06-27 23:19:28 -------- d-----w- C:\7050c73bf32e6689c8
2012-06-27 23:14:07 -------- d-----w- C:\2887ba8a5b89f5475f
2012-06-27 05:01:33 -------- d-----w- C:\68f8fb3dbe4e208d0d
2012-06-17 12:13:26 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 22:23:13.89 ===============

ken545

2012-07-25, 01:43

:snwelcome:

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

Looks like you may have already run Combofix, go to C:\ComboFix.txt and post the log please

stoneshaper

2012-07-25, 04:20

Thank you for getting back to me. I did run combo fix (my bad) and I was able to surf and use her netpad until it rebooted after an update. It showed several orphaned files being reloaded. After completion it again promptly locked up again.

ComboFix 12-07-10.01 - Donna 07/10/2012 23:10:49.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.669 [GMT -5:00]
Running from: C:\Documents and Settings\Donna\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\a

((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))

2012-07-10 04:34:20 . 2012-07-10 04:34:20 -------- d-----w- C:\Documents and Settings\Donna\Application Data\Malwarebytes
2012-07-10 04:34:14 . 2012-07-10 04:34:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-07-10 04:34:13 . 2012-07-10 04:34:16 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-10 04:34:13 . 2012-04-04 20:56:40 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-07-10 04:24:47 . 2012-07-11 04:04:54 -------- d-----w- C:\Documents and Settings\Donna\Application Data\U3
2012-07-10 04:03:47 . 2012-07-10 04:04:21 -------- d-----w- C:\rsit
2012-07-10 04:03:47 . 2012-07-10 04:03:47 -------- d-----w- C:\Program Files\trend micro
2012-07-10 04:02:44 . 2008-04-14 05:10:28 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
2012-07-10 03:13:00 . 2012-07-10 03:13:00 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-07-10 03:12:46 . 2012-07-10 03:12:46 -------- d-----w- C:\0160a5cb8768dca4f6eb
2012-07-10 03:10:51 . 2012-07-10 03:10:51 -------- d-----w- C:\Program Files\McAfee.com
2012-07-10 03:10:36 . 2012-07-10 03:10:51 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-07-10 01:04:51 . 2012-07-10 01:04:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-07-10 01:04:44 . 2012-07-10 01:04:44 -------- d-----w- C:\Documents and Settings\Donna\Local Settings\Application Data\AVG Secure Search
2012-07-10 01:03:40 . 2012-07-10 01:03:40 -------- d-----w- C:\Documents and Settings\Donna\Application Data\AVG Secure Search
2012-07-10 01:03:34 . 2012-07-10 03:11:42 -------- d-----w- C:\Program Files\Common Files\AVG Secure Search
2012-07-10 01:03:33 . 2012-07-10 03:11:42 -------- d-----w- C:\Program Files\AVG Secure Search
2012-07-10 01:02:55 . 2012-07-10 03:11:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2012
2012-07-10 01:02:55 . 2012-07-10 03:11:43 -------- d-----w- C:\$AVG
2012-07-10 01:02:55 . 2012-07-10 01:53:36 -------- d-----w- C:\WINDOWS\system32\drivers\AVG
2012-07-10 01:02:22 . 2012-07-10 01:02:22 -------- d-----w- C:\Program Files\AVG
2012-07-10 00:51:51 . 2012-07-10 03:11:59 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
2012-07-10 00:51:51 . 2012-07-10 00:51:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Common Files
2012-07-10 00:13:45 . 2012-07-10 03:12:08 -------- d-----w- C:\a5e8f45f25baa017afcc3d7dd8ec
2012-07-09 23:43:48 . 2012-07-10 03:12:44 -------- d-----w- C:\695a62174b17b3390824
2012-07-09 23:35:47 . 2012-07-09 23:36:37 -------- d-----w- C:\Documents and Settings\Administrator
2012-07-04 13:04:46 . 2012-07-09 23:38:05 -------- d-----w- C:\3d296386f402c8162e5272ed064d
2012-07-03 22:21:48 . 2012-07-09 23:38:05 -------- d-----w- C:\f4e35f02c6426828dad9677121
2012-06-30 00:12:21 . 2012-07-09 23:38:05 -------- d-----w- C:\134376ae0be880e80e68ae46
2012-06-29 00:15:47 . 2012-07-09 23:38:06 -------- d-----w- C:\2f7b001c55cc6fa8b7733983316818eb
2012-06-28 08:56:15 . 2012-07-09 23:38:06 -------- d-----w- C:\a8a8a57d4683992534
2012-06-27 23:19:28 . 2012-07-09 23:38:06 -------- d-----w- C:\7050c73bf32e6689c8
2012-06-27 23:14:07 . 2012-07-09 23:38:06 -------- d-----w- C:\2887ba8a5b89f5475f
2012-06-27 05:01:33 . 2012-07-09 23:38:12 -------- d-----w- C:\68f8fb3dbe4e208d0d
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-31 13:22:09 . 2009-01-16 23:18:43 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

ken545

2012-07-25, 10:57

Hi,

Thats not the entire Combofix log, open the log and click on edit> select all ......edit > copy

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

stoneshaper

2012-07-25, 14:00

It looks like all the combo txt, should I rerun?
------
ComboFix 12-07-10.01 - Donna 07/10/2012 23:10:49.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.669 [GMT -5:00]
Running from: C:\Documents and Settings\Donna\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\a

((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))

2012-07-10 04:34:20 . 2012-07-10 04:34:20 -------- d-----w- C:\Documents and Settings\Donna\Application Data\Malwarebytes
2012-07-10 04:34:14 . 2012-07-10 04:34:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-07-10 04:34:13 . 2012-07-10 04:34:16 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-10 04:34:13 . 2012-04-04 20:56:40 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-07-10 04:24:47 . 2012-07-11 04:04:54 -------- d-----w- C:\Documents and Settings\Donna\Application Data\U3
2012-07-10 04:03:47 . 2012-07-10 04:04:21 -------- d-----w- C:\rsit
2012-07-10 04:03:47 . 2012-07-10 04:03:47 -------- d-----w- C:\Program Files\trend micro
2012-07-10 04:02:44 . 2008-04-14 05:10:28 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
2012-07-10 03:13:00 . 2012-07-10 03:13:00 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-07-10 03:12:46 . 2012-07-10 03:12:46 -------- d-----w- C:\0160a5cb8768dca4f6eb
2012-07-10 03:10:51 . 2012-07-10 03:10:51 -------- d-----w- C:\Program Files\McAfee.com
2012-07-10 03:10:36 . 2012-07-10 03:10:51 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-07-10 01:04:51 . 2012-07-10 01:04:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-07-10 01:04:44 . 2012-07-10 01:04:44 -------- d-----w- C:\Documents and Settings\Donna\Local Settings\Application Data\AVG Secure Search
2012-07-10 01:03:40 . 2012-07-10 01:03:40 -------- d-----w- C:\Documents and Settings\Donna\Application Data\AVG Secure Search
2012-07-10 01:03:34 . 2012-07-10 03:11:42 -------- d-----w- C:\Program Files\Common Files\AVG Secure Search
2012-07-10 01:03:33 . 2012-07-10 03:11:42 -------- d-----w- C:\Program Files\AVG Secure Search
2012-07-10 01:02:55 . 2012-07-10 03:11:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2012
2012-07-10 01:02:55 . 2012-07-10 03:11:43 -------- d-----w- C:\$AVG
2012-07-10 01:02:55 . 2012-07-10 01:53:36 -------- d-----w- C:\WINDOWS\system32\drivers\AVG
2012-07-10 01:02:22 . 2012-07-10 01:02:22 -------- d-----w- C:\Program Files\AVG
2012-07-10 00:51:51 . 2012-07-10 03:11:59 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
2012-07-10 00:51:51 . 2012-07-10 00:51:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Common Files
2012-07-10 00:13:45 . 2012-07-10 03:12:08 -------- d-----w- C:\a5e8f45f25baa017afcc3d7dd8ec
2012-07-09 23:43:48 . 2012-07-10 03:12:44 -------- d-----w- C:\695a62174b17b3390824
2012-07-09 23:35:47 . 2012-07-09 23:36:37 -------- d-----w- C:\Documents and Settings\Administrator
2012-07-04 13:04:46 . 2012-07-09 23:38:05 -------- d-----w- C:\3d296386f402c8162e5272ed064d
2012-07-03 22:21:48 . 2012-07-09 23:38:05 -------- d-----w- C:\f4e35f02c6426828dad9677121
2012-06-30 00:12:21 . 2012-07-09 23:38:05 -------- d-----w- C:\134376ae0be880e80e68ae46
2012-06-29 00:15:47 . 2012-07-09 23:38:06 -------- d-----w- C:\2f7b001c55cc6fa8b7733983316818eb
2012-06-28 08:56:15 . 2012-07-09 23:38:06 -------- d-----w- C:\a8a8a57d4683992534
2012-06-27 23:19:28 . 2012-07-09 23:38:06 -------- d-----w- C:\7050c73bf32e6689c8
2012-06-27 23:14:07 . 2012-07-09 23:38:06 -------- d-----w- C:\2887ba8a5b89f5475f
2012-06-27 05:01:33 . 2012-07-09 23:38:12 -------- d-----w- C:\68f8fb3dbe4e208d0d
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-31 13:22:09 . 2009-01-16 23:18:43 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

mbr log
------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 05:53:41
-----------------------------
05:53:41.813 OS Version: Windows 5.1.2600 Service Pack 3
05:53:41.813 Number of processors: 2 586 0x1C02
05:53:41.813 ComputerName: ACER-36D0BD61CF UserName: Donna
05:53:44.016 Initialize success
05:53:50.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
05:53:50.641 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
05:53:50.719 Disk 0 MBR read successfully
05:53:50.719 Disk 0 MBR scan
05:53:50.735 Disk 0 Windows VISTA default MBR code
05:53:50.782 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6150 MB offset 2048
05:53:50.844 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146475 MB offset 12597248
05:53:50.860 Disk 0 scanning sectors +312578048
05:53:50.969 Disk 0 scanning C:\WINDOWS\system32\drivers
05:53:58.157 Service scanning
05:54:12.032 Modules scanning
05:54:22.969 Disk 0 trace - called modules:
05:54:23.032 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
05:54:23.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e0e868]
05:54:23.438 3 CLASSPNP.SYS[f767dfd7] -> nt!IofCallDriver -> \Device\0000006a[0x863ac0f8]
05:54:23.453 5 ACPI.sys[f75f4620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8637b030]
05:54:23.469 Scan finished successfully
05:54:51.500 Disk 0 MBR has been saved successfully to "E:\Documents\MBR.dat"
05:54:51.657 The log file has been saved successfully to "E:\Documents\aswMBR.txt"

ken545

2012-07-25, 14:13

Hi,

No need to rerun Combofix

aswMBR looks ok also

See if you can get this free online virus scanner to run, you can run it in Safemode with Network Support

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

stoneshaper

2012-07-28, 03:49

I have tried several times in the last few days to get a complete scan to no avail. It will go to 97% and then stops (whole computer locks up) on file
C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\inetcpl.cpl
It shows no threats found for what it has scanned but I cannot obtain a log..

ken545

2012-07-28, 04:34

Give this one a try and if it wont run we will move on

Running TrendMicro HouseCall:

Click Download HouseCall (http://go.trendmicro.com/housecall7/HousecallLauncher.exe) to begin. Please note that HouseCall requires a small download before it can scan your computer.
Download it to your desktop
Double click HousecallLauncher.exe
Select the Full Scan option.
Let the scan run then post the results to this thread.

stoneshaper

2012-07-28, 18:02

Tried running housecall. It will run until it hits file
C:\i386\ntkrnlmp.exe then it too locks up. No threats found it what it did scan.

ken545

2012-07-28, 22:10

Lets see if these will run.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

stoneshaper

2012-07-29, 05:01

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Donna :: ACER-36D0BD61CF [administrator]

7/28/2012 8:08:56 PM
mbam-log-2012-07-28 (20-08-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284982
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OLT
OTL logfile created on: 7/28/2012 8:49:54 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Donna\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.88 Mb Total Physical Memory | 770.79 Mb Available Physical Memory | 76.02% Memory free
2.39 Gb Paging File | 2.29 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 123.12 Gb Free Space | 86.08% Space Free | Partition Type: NTFS

Computer Name: ACER-36D0BD61CF | User Name: Donna | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Donna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (iscFlash) -- C:\DOCUME~1\Donna\LOCALS~1\Temp\7zSF.tmp\iscflash.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Donna\LOCALS~1\Temp\catchme.sys File not found
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (int15.sys) -- c:\Acernb\int15.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/25 17:07:25 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/07/12 21:26:16 | 000,442,725 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15234 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342060240328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342060232390 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B4845B2-0B34-45AB-8C0C-FF69AE4AB09C}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8C3F79C-33FD-4DF6-9763-D52994DCDB82}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/16 18:34:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 20:43:59 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
[2012/07/28 20:06:23 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Donna\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/28 14:11:42 | 000,000,000 | ---D | C] -- C:\backup
[2012/07/28 08:11:41 | 002,002,944 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Donna\Desktop\HousecallLauncher.exe
[2012/07/27 21:18:19 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/07/27 21:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\DriverCure
[2012/07/27 21:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\SpeedyPC Software
[2012/07/27 21:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Start Menu\Programs\SpeedyPC Software
[2012/07/27 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/07/27 21:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/07/27 21:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/07/27 19:57:53 | 000,000,000 | ---D | C] -- C:\ubuntu
[2012/07/26 05:03:33 | 000,000,000 | ---D | C] -- C:\f04441420a44802669
[2012/07/25 17:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/25 17:03:58 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/07/25 05:48:03 | 000,000,000 | ---D | C] -- C:\ed111e0310983e183181dcf521b3
[2012/07/12 22:22:42 | 000,000,000 | ---D | C] -- C:\7a2cb2103f63f0c01dafde
[2012/07/12 22:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/12 22:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/07/12 21:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/12 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/12 21:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/07/11 22:22:35 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/07/11 21:30:56 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/07/11 05:38:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/10 23:07:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/10 23:07:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/10 23:07:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/10 23:07:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/10 23:06:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/10 23:06:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 23:06:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Donna\My Documents\My Videos
[2012/07/10 23:06:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/07/10 23:06:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Donna\Start Menu\Programs\Administrative Tools
[2012/07/10 23:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/09 23:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\Malwarebytes
[2012/07/09 23:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 23:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/09 23:34:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/09 23:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/09 23:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\U3
[2012/07/09 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/07/09 23:03:47 | 000,000,000 | ---D | C] -- C:\rsit
[2012/07/09 22:12:46 | 000,000,000 | ---D | C] -- C:\0160a5cb8768dca4f6eb
[2012/07/09 22:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2012/07/09 22:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/07/09 22:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/07/09 22:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/07/09 22:00:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/09 20:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/09 20:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Local Settings\Application Data\AVG Secure Search
[2012/07/09 20:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\AVG Secure Search
[2012/07/09 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/09 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/09 20:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/09 20:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/07/09 20:02:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/09 20:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/09 19:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/09 19:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/09 19:13:45 | 000,000,000 | ---D | C] -- C:\a5e8f45f25baa017afcc3d7dd8ec
[2012/07/09 19:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/09 18:43:48 | 000,000,000 | ---D | C] -- C:\695a62174b17b3390824
[2012/07/04 08:04:46 | 000,000,000 | ---D | C] -- C:\3d296386f402c8162e5272ed064d
[2012/07/03 17:21:48 | 000,000,000 | ---D | C] -- C:\f4e35f02c6426828dad9677121
[2012/06/29 19:12:21 | 000,000,000 | ---D | C] -- C:\134376ae0be880e80e68ae46
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 20:43:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/28 20:07:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
[2012/07/28 20:06:58 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 20:06:29 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Donna\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/28 08:11:46 | 002,002,944 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Donna\Desktop\HousecallLauncher.exe
[2012/07/27 21:16:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\housecall.guid.cache
[2012/07/27 21:13:47 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/07/27 21:13:36 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\SpeedyPC Pro.lnk
[2012/07/27 21:13:36 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/07/27 21:13:36 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/07/27 21:13:35 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/07/27 20:26:06 | 000,135,675 | ---- | M] () -- C:\wubildr
[2012/07/27 20:26:06 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2012/07/27 18:50:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/25 20:31:09 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/25 18:53:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/07/25 05:57:40 | 000,436,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/25 05:57:40 | 000,069,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/12 22:22:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/12 22:16:35 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2012/07/12 22:11:54 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\ERUNT.lnk
[2012/07/12 21:26:16 | 000,442,725 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/12 21:16:28 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/12 21:16:28 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 23:21:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-212616.backup
[2012/07/09 20:53:10 | 063,961,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/09 20:50:30 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\dt.dat
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 20:06:58 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 21:16:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\housecall.guid.cache
[2012/07/27 21:13:47 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/07/27 21:13:36 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\SpeedyPC Pro.lnk
[2012/07/27 21:13:36 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/07/27 21:13:36 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/07/27 21:13:35 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/07/27 20:26:06 | 000,135,675 | ---- | C] () -- C:\wubildr
[2012/07/27 20:26:06 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2012/07/12 22:11:54 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\ERUNT.lnk
[2012/07/12 21:16:28 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/12 21:16:28 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 23:07:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/10 23:07:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/10 23:07:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/10 23:07:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/10 23:07:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/09 23:26:52 | 000,000,867 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2012/07/09 20:53:10 | 063,961,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/09 20:50:30 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\dt.dat
[2012/02/16 15:48:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ACER-36D0BD61CF.000\Application Data\Acer
[2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ACER-36D0BD61CF.001\Application Data\Acer
[2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ACER-36D0BD61CF.003\Application Data\Acer
[2012/07/09 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/09 22:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/09 19:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/16 20:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2012/07/09 22:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/27 21:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
[2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Acer
[2012/07/09 20:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\AVG Secure Search
[2012/07/27 21:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\DriverCure
[2010/01/12 13:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\eSobi
[2012/07/27 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\SpeedyPC Software
[2012/07/27 21:13:35 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Pro.job
[2012/07/27 21:13:47 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Registration3.job
[2012/07/27 21:13:36 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/07/27 21:13:36 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========

< End of report >
OTL EXTRAS
OTL Extras logfile created on: 7/28/2012 8:44:15 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Donna\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.88 Mb Total Physical Memory | 800.03 Mb Available Physical Memory | 78.91% Memory free
2.39 Gb Paging File | 2.31 Gb Available in Paging File | 96.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 123.12 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
Drive D: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.81 Gb Total Space | 3.33 Gb Free Space | 87.27% Space Free | Partition Type: FAT32

Computer Name: ACER-36D0BD61CF | User Name: Donna | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.260_Foxconn Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73490214-D4F4-450B-9DAC-416E4CEB3C58}" = Acer ScreenSaver
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 10:02:02 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/27/2012 10:05:43 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/27/2012 10:05:43 PM | Computer Name = ACER-36D0BD61CF | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/27/2012 10:05:44 PM | Computer Name = ACER-36D0BD61CF | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 7/27/2012 10:07:14 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/28/2012 9:08:26 AM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/28/2012 10:32:04 AM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/28/2012 2:30:27 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/28/2012 3:04:21 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 7/28/2012 3:05:32 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

[ System Events ]
Error - 7/28/2012 2:34:37 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/28/2012 3:05:46 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/28/2012 9:37:16 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/28/2012 9:37:18 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/28/2012 9:37:21 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/28/2012 9:38:17 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/28/2012 9:42:16 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/28/2012 9:43:31 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/28/2012 9:43:32 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/28/2012 9:43:35 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >

ken545

2012-07-29, 05:13

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
[2012/07/10 23:21:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-212616.backup

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

stoneshaper

2012-07-29, 15:09

All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20120712-212616.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Donna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Donna\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
System Restore Service not available.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 396 bytes

User: Administrator.ACER-36D0BD61CF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 396 bytes

User: Administrator.ACER-36D0BD61CF.000
->Temp folder emptied: 61833345 bytes
->Temporary Internet Files folder emptied: 3297611 bytes
->Flash cache emptied: 531 bytes

User: Administrator.ACER-36D0BD61CF.001
->Temp folder emptied: 61849729 bytes
->Temporary Internet Files folder emptied: 3297580 bytes
->Flash cache emptied: 531 bytes

User: Administrator.ACER-36D0BD61CF.002
->Temp folder emptied: 59965967 bytes
->Temporary Internet Files folder emptied: 2388034 bytes
->Flash cache emptied: 531 bytes

User: Administrator.ACER-36D0BD61CF.003
->Temp folder emptied: 61734017 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: All Users

User: Default User
->Temp folder emptied: 61717633 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: Donna
->Temp folder emptied: 93582091 bytes
->Temporary Internet Files folder emptied: 55463622 bytes
->Flash cache emptied: 23290 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2079986 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11026326 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 7260048 bytes

Total Files Cleaned = 463.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 07292012_070350

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545

2012-07-29, 15:56

Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
Make sure "Include All Files" option remains checked.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

stoneshaper

2012-07-29, 16:32

Farbar Service Scanner Version: 26-07-2012
Ran by Donna (administrator) on 29-07-2012 at 08:30:52
Running from "C:\Documents and Settings\Donna\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) MPFP(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

ken545

2012-07-29, 17:17

Things running OK, you may have some windows issues

stoneshaper

2012-07-29, 17:30

Thank you,
I'll look into it further.
Shane

ken545

2012-07-29, 17:48

Lets see if this finds and fixes anything

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

stoneshaper

2012-07-29, 18:14

ComboFix 12-07-29.02 - Donna 07/29/2012 9:56.2.2 - x86 NETWORK
Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 12:07 . 2012-07-29 12:07 -------- d-----w- C:\e045c8119e92939a3c
2012-07-29 12:03 . 2012-07-29 12:03 -------- d-----w- C:\_OTL
2012-07-29 02:09 . 2012-07-29 02:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-28 19:11 . 2012-07-28 19:11 -------- d-----w- C:\backup
2012-07-28 02:18 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\documents and settings\Donna\Application Data\DriverCure
2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\documents and settings\Donna\Application Data\SpeedyPC Software
2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-28 00:57 . 2012-07-28 02:04 -------- d-----w- C:\ubuntu
2012-07-26 10:03 . 2012-07-28 02:04 -------- d-----w- C:\f04441420a44802669
2012-07-25 22:10 . 2012-07-25 22:10 -------- d-----w- c:\program files\ESET
2012-07-25 22:03 . 2012-07-25 22:03 -------- d-----w- C:\found.001
2012-07-25 10:48 . 2012-07-25 10:48 -------- d-----w- C:\ed111e0310983e183181dcf521b3
2012-07-13 03:22 . 2012-07-13 03:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-13 03:22 . 2012-07-13 03:22 -------- d-----w- C:\7a2cb2103f63f0c01dafde
2012-07-13 03:11 . 2012-07-13 03:11 -------- d-----w- c:\program files\ERUNT
2012-07-13 02:16 . 2012-07-13 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-13 02:16 . 2012-07-13 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-12 03:22 . 2012-07-12 03:22 -------- d-----w- C:\found.000
2012-07-12 02:30 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-10 04:34 . 2012-07-10 04:34 -------- d-----w- c:\documents and settings\Donna\Application Data\Malwarebytes
2012-07-10 04:34 . 2012-07-10 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-10 04:34 . 2012-07-29 01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-10 04:34 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 04:24 . 2012-07-11 04:04 -------- d-----w- c:\documents and settings\Donna\Application Data\U3
2012-07-10 04:03 . 2012-07-10 04:04 -------- d-----w- C:\rsit
2012-07-10 04:03 . 2012-07-10 04:03 -------- d-----w- c:\program files\trend micro
2012-07-10 04:02 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-07-10 03:13 . 2012-07-10 03:13 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-10 03:12 . 2012-07-10 03:12 -------- d-----w- C:\0160a5cb8768dca4f6eb
2012-07-10 03:10 . 2012-07-10 03:10 -------- d-----w- c:\program files\McAfee.com
2012-07-10 03:10 . 2012-07-10 03:10 -------- d-----w- c:\program files\Common Files\McAfee
2012-07-10 01:04 . 2012-07-10 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-07-10 01:04 . 2012-07-10 01:04 -------- d-----w- c:\documents and settings\Donna\Local Settings\Application Data\AVG Secure Search
2012-07-10 01:03 . 2012-07-10 01:03 -------- d-----w- c:\documents and settings\Donna\Application Data\AVG Secure Search
2012-07-10 01:03 . 2012-07-10 03:11 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-10 01:03 . 2012-07-10 03:11 -------- d-----w- c:\program files\AVG Secure Search
2012-07-10 01:02 . 2012-07-10 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-10 01:02 . 2012-07-10 03:11 -------- d-----w- C:\$AVG
2012-07-10 01:02 . 2012-07-10 01:53 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-10 01:02 . 2012-07-10 01:02 -------- d-----w- c:\program files\AVG
2012-07-10 00:51 . 2012-07-10 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-07-10 00:51 . 2012-07-10 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-07-10 00:13 . 2012-07-10 03:12 -------- d-----w- C:\a5e8f45f25baa017afcc3d7dd8ec
2012-07-09 23:43 . 2012-07-10 03:12 -------- d-----w- C:\695a62174b17b3390824
2012-07-09 23:35 . 2012-07-09 23:36 -------- d-----w- c:\documents and settings\Administrator
2012-07-04 13:04 . 2012-07-09 23:38 -------- d-----w- C:\3d296386f402c8162e5272ed064d
2012-07-03 22:21 . 2012-07-09 23:38 -------- d-----w- C:\f4e35f02c6426828dad9677121
2012-06-30 00:12 . 2012-07-09 23:38 -------- d-----w- C:\134376ae0be880e80e68ae46
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 22:35 . 2009-01-16 23:32 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2012-06-04 22:35 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-01-16 23:32 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-01-16 23:32 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-01-16 23:32 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-01-16 23:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-01-16 23:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-01-16 23:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-01-16 23:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2009-01-16 23:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-02 13:46 . 2009-01-16 23:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-20 1398056]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R3 iscFlash;iscFlash;c:\docume~1\Donna\LOCALS~1\Temp\7zSF.tmp\iscflash.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 23:17]
.
2012-07-28 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
2012-07-29 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-29 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 10:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-07-29 10:06:56
ComboFix-quarantined-files.txt 2012-07-29 15:06
.
Pre-Run: 132,580,458,496 bytes free
Post-Run: 132,545,495,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C137ECC9AC0F6C6B09182CD0608DD7F4

ken545

2012-07-29, 18:59

Nothing bad was found and removed so at this point you may just have some plain old windows issues.

Let me point something out, there are 100s of programs that claim to fix or clean up your system, most are worthless and not needed, I have been into computing since windows 3.1 and never had any need for any 3rd party programs , most of what you need is built right into windows.

DriverCure <-- If for example you need to update drivers for a video card, you need to go right to the manufactures website and download the correct driver from them

SpeedyPC Software <-- I'll let you read this and you can make up your own mind to keep it or not, most do more damage than good

http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/who-are-speedy-pc-pro-and-are-they-safe-to-use/62629332-a670-4166-b418-e2a5a876daa1

http://www.mywot.com/en/scorecard/www.speedypc.com

Why dont you post here and let them check over your system and offer any advice they may have, I would link them to this thread so they can see what we have done and look at Farbars Service Scanner so they can see whats going on in that area.

http://forums.whatthetech.com/index.php?showforum=119

Good luck

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.

Malwarebytes is the free version and yours to keep and will not be removed

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken

ken545

2012-07-31, 14:02

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.