
 


Computer Extremely Slow

2 posters

Hi, I have a Dell laptop running Vista Home Premium. I ran SUPERAntiSpyware and nothing was found.
I tried making a log with OTL, but it got stuck at the "making a restore point" phase.
And when I try running safe mode, I get to a black screen with "safe mode" in each corner, but nothing actually ever comes up.
The computer hangs on the shutdown process, and Task Manager doesn't open; I only see the little graph in the right corner.

The same issues are discussed in this post:
http://forums.techguy.org/windows-vista/773399-vista-task-manager-wont-initialize-2.html

Re: Computer Extremely Slow

Try running OTL without custom scans and see if it works...

Re: Computer Extremely Slow

OTL logfile created on: 5/16/2011 3:14:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\x\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 89.42 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 8.85 Gb Free Space | 90.57% Space Free | Partition Type: NTFS

Computer Name: x-BRY | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 17:54:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\valadez\Desktop\OTL.com
PRC - [2011/05/04 10:54:26 | 000,354,688 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\valadez\AppData\Local\Temp\SSUPDATE.EXE
PRC - [2011/05/04 10:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/07/27 03:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 14:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/05/04 02:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 02:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 02:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 02:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/04/28 14:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/03 22:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/01/24 23:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/20 19:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/09 14:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/21 08:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/12/11 10:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/12/05 08:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/26 08:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/11/01 17:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/24 10:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 13:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/03/23 06:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFA.EXE
PRC - [2007/03/21 11:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 11:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/08/09 14:59:34 | 000,139,264 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 17:54:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\valadez\Desktop\OTL.com
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2008/09/05 16:28:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 14:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/24 23:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 14:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/11 10:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/12/05 08:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 08:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/11/07 07:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 10:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 13:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/21 11:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/08/09 14:59:34 | 000,139,264 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)


========== Driver Services (SafeList) ==========

DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/06/23 05:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 02:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 00:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/03 22:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/03 22:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/12/02 10:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 04:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 04:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 04:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 04:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/12 04:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 09:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 09:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 09:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 04:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080906
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080906
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX9400Fax Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\valadez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\valadez\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\valadez\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c4700f88-235c-11e0-8953-00219bea867f}\Shell - "" = AutoRun
O33 - MountPoints2\{c4700f88-235c-11e0-8953-00219bea867f}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 15:14:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.com
[2011/05/15 17:43:28 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/15 17:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/15 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/15 17:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2011/05/16 15:13:27 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/16 15:13:27 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/16 15:09:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 15:07:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 15:07:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 15:07:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 15:07:35 | 3208,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 20:21:26 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/15 20:00:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 17:54:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\valadez\Desktop\OTL.com
[2011/05/15 17:35:47 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 19:21:07 | 000,030,720 | ---- | M] () -- C:\Users\valadez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/05/16 15:07:35 | 3208,716,288 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/15 17:35:47 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/31 08:54:16 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/31 08:54:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/30 13:25:37 | 000,000,680 | ---- | C] () -- C:\Users\valadez\AppData\Local\d3d9caps.dat
[2009/04/12 09:43:56 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/04/12 09:43:56 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/04/12 09:43:56 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/04/12 09:43:52 | 000,001,247 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/04/12 09:34:09 | 000,000,909 | ---- | C] () -- C:\Windows\disney.ini
[2009/03/13 22:02:13 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL
[2009/03/13 22:02:13 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE
[2008/10/20 23:10:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/20 23:10:50 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/10/20 23:10:50 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/10/20 23:10:50 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/10/20 23:10:50 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/10/20 23:10:50 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/10/20 23:10:50 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/10/20 23:10:50 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/10/20 23:10:50 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/10/20 23:10:50 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/10/20 23:10:50 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/10/20 23:10:50 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/10/20 23:10:50 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/10/20 23:10:50 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/10/20 23:10:50 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/10/20 23:10:50 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/10/20 23:08:05 | 000,000,044 | ---- | C] () -- C:\Windows\EPSCX9400Fax.ini
[2008/10/04 22:32:23 | 000,030,720 | ---- | C] () -- C:\Users\valadez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 19:28:35 | 000,005,834 | ---- | C] () -- C:\Users\valadez\AppData\Roaming\wklnhst.dat
[2008/09/05 18:52:32 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/09/05 18:52:32 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/09/05 18:52:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/09/05 18:52:32 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/09/05 18:52:32 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/09/05 18:52:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/09/05 16:18:14 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/09/05 16:18:14 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/09/05 16:14:16 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 16:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2008/10/20 23:20:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Leadertech
[2008/09/14 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Template
[2008/09/05 16:37:07 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2008/09/05 16:37:07 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/08/14 10:48:09 | 000,030,466 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\x\Documents\162711.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\x\Documents\162636.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\x\Documents\135814.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\x\Documents\100529.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\x\Documents\095906.avi:TOC.WMV

< End of report >

Re: Computer Extremely Slow

I ran the quick scan and it produced that log, but now OTL freezes at "Scanning Security Event Log..."
I replaced the username with "x".

Re: Computer Extremely Slow

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review

Re: Computer Extremely Slow

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 16:05:47
-----------------------------
16:05:47.669 OS Version: Windows 6.0.6001 Service Pack 1
16:05:47.669 Number of processors: 2 586 0xF0D
16:05:47.669 ComputerName: VALADEZ-BRY UserName: valadez
16:06:06.108 Initialize success
16:06:10.507 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:06:10.507 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
16:06:10.538 Disk 0 MBR read successfully
16:06:10.538 Disk 0 MBR scan
16:06:10.538 Disk 0 unknown MBR code
16:06:10.538 Disk 0 scanning sectors +488394752
16:06:10.569 Disk 0 scanning C:\Windows\system32\drivers
16:06:26.715 Service scanning
16:06:28.166 Disk 0 trace - called modules:
16:06:28.182 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:06:28.182 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859e0918]
16:06:28.182 3 CLASSPNP.SYS[89f9f745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f1f030]
16:06:28.182 Scan finished successfully
16:07:13.749 Disk 0 MBR has been saved successfully to "C:\Users\valadez\Desktop\MBR.dat"
16:07:13.765 The log file has been saved successfully to "C:\Users\valadez\Desktop\aswMBR.txt"


Re: Computer Extremely Slow

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Computer Extremely Slow

ComboFix 11-05-17.01 - valadez 05/17/2011 21:55:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.2019 [GMT -7:00]
Running from: c:\users\valadez\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 05:01 . 2011-05-18 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-16 00:43 . 2011-05-16 00:43 -------- d-----w- c:\users\valadez\AppData\Roaming\SUPERAntiSpyware.com
2011-05-16 00:43 . 2011-05-16 00:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-16 00:35 . 2011-05-16 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-04 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-29 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
.
c:\users\valadez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-5 50688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-05 23:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-29 30192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 01:06]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 01:06]
.
2008-09-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-05 18:32]
.
2008-09-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-05 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 22:02
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-17 22:04:50
ComboFix-quarantined-files.txt 2011-05-18 05:04
.
Pre-Run: 102,084,366,336 bytes free
Post-Run: 102,251,986,944 bytes free
.
- - End Of File - - DC4381C306ADC9CA14703AD3643F1EC0

Re: Computer Extremely Slow

Also now the computer gives an error "Illegal operation attempted on a registry key that has been marked for deletion" when I try to open a program after running combofix.

Re: Computer Extremely Slow

Odd. ComboFix did not make any changes to the system.

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Computer Extremely Slow

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6613

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/18/2011 9:57:55 PM
mbam-log-2011-05-18 (21-57-55).txt

Scan type: Quick scan
Objects scanned: 148499
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Computer Extremely Slow

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: Computer Extremely Slow

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 160):
0x81C01000 \SystemRoot\system32\ntkrnlpa.exe
0x81FBA000 \SystemRoot\system32\hal.dll
0x8040C000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80474000 \SystemRoot\system32\PSHED.dll
0x80485000 \SystemRoot\system32\BOOTVID.dll
0x8048D000 \SystemRoot\system32\CLFS.SYS
0x804CE000 \SystemRoot\system32\CI.dll
0x8060E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80697000 \SystemRoot\system32\drivers\acpi.sys
0x806DD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E6000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EE000 \SystemRoot\system32\drivers\pci.sys
0x80715000 \SystemRoot\System32\drivers\partmgr.sys
0x80724000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80727000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80731000 \SystemRoot\system32\drivers\volmgr.sys
0x80740000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078A000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80791000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8079F000 \SystemRoot\system32\drivers\pciide.sys
0x807A6000 \SystemRoot\System32\drivers\mountmgr.sys
0x82206000 \SystemRoot\system32\drivers\iastor.sys
0x822CD000 \SystemRoot\system32\drivers\atapi.sys
0x822D5000 \SystemRoot\system32\drivers\ataport.SYS
0x822F3000 \SystemRoot\system32\drivers\fltmgr.sys
0x82325000 \SystemRoot\system32\drivers\fileinfo.sys
0x82335000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8233E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89C05000 \SystemRoot\system32\drivers\ndis.sys
0x89D10000 \SystemRoot\system32\drivers\msrpc.sys
0x89D3B000 \SystemRoot\system32\drivers\NETIO.SYS
0x89E04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89F13000 \SystemRoot\system32\drivers\volsnap.sys
0x89F4C000 \SystemRoot\System32\Drivers\spldr.sys
0x89F54000 \SystemRoot\System32\Drivers\mup.sys
0x89F63000 \SystemRoot\System32\drivers\ecache.sys
0x89F8A000 \SystemRoot\system32\drivers\disk.sys
0x89F9B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89FBC000 \SystemRoot\system32\drivers\crcdisk.sys
0x8D8D0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8D8DB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8D8E4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DC0C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E259000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E2F8000 \SystemRoot\System32\drivers\watchdog.sys
0x8E305000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E310000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E34E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E35D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E36F000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8D8F3000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8E3B5000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E3C5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E3D3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E3ED000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x89FD2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x89D75000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x89FE6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x89DC6000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D9F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D800000 \SystemRoot\system32\drivers\Afc.sys
0x823AF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x89FF9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E3FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x89DF2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x823C7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x807B6000 \SystemRoot\system32\DRIVERS\storport.sys
0x823F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x805AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x80600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x805C5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x805E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E614000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E629000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E639000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E63B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E665000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E66F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E67C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E6B0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E6C1000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8E6FE000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E804000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8E8B9000 \SystemRoot\system32\drivers\modem.sys
0x8E8C6000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8E8E7000 \SystemRoot\system32\drivers\portcls.sys
0x8E914000 \SystemRoot\system32\drivers\drmk.sys
0x8E939000 \SystemRoot\system32\drivers\stwrt.sys
0x8E98E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E9A5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E9A7000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x8E9E1000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x8E9E3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E9EC000 \SystemRoot\System32\Drivers\Null.SYS
0x8E9F3000 \SystemRoot\System32\Drivers\Beep.SYS
0x805F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x80400000 \SystemRoot\System32\drivers\vga.sys
0x8EA0C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EA2D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EA35000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EA3D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EA48000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EA56000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EA5F000 \SystemRoot\System32\drivers\tcpip.sys
0x8EB48000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EB63000 \SystemRoot\System32\Drivers\Mpfp.sys
0x8EB8A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EBA0000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x8EBB2000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EC0D000 \SystemRoot\system32\drivers\afd.sys
0x8EC55000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EC87000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EC9D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8ECAB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8ECBE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8ECE0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8ECE6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8ED22000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8ED2C000 \SystemRoot\system32\drivers\mfehidk.sys
0x8ED5C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8ED73000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D808000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x95C60000 \SystemRoot\System32\win32k.sys
0x8ED80000 \SystemRoot\System32\drivers\Dxapi.sys
0x8ED8A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95E80000 \SystemRoot\System32\TSDDD.dll
0x95EA0000 \SystemRoot\System32\cdd.dll
0x8ED99000 \SystemRoot\system32\drivers\luafv.sys
0xA7A06000 \SystemRoot\system32\drivers\spsys.sys
0xA7AB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA7AC5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA7AEF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7AF9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA7B0C000 \SystemRoot\system32\drivers\HTTP.sys
0xA7B79000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA7B96000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA7BAF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA7BC4000 \SystemRoot\system32\drivers\mrxdav.sys
0x8EDB4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8EBC6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA7BE4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8EDD3000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA8A08000 \SystemRoot\System32\DRIVERS\srv.sys
0xA8A6E000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA8A96000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8A9A000 \SystemRoot\system32\drivers\peauth.sys
0xA8B78000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA8B82000 \SystemRoot\system32\drivers\mfebopk.sys
0xA8B89000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA8B9B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8BA7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA8BAF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA8BC1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA8BD7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA8BEC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77790000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
500 C:\Windows\System32\smss.exe
596 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\SLsvc.exe
1352 C:\Windows\System32\svchost.exe
1444 C:\Program Files\Dell\DellDock\DockLogin.exe
1552 C:\Windows\System32\svchost.exe
1668 C:\Windows\System32\WLTRYSVC.EXE
1684 C:\Windows\System32\BCMWLTRY.EXE
1696 C:\Windows\System32\wlanext.exe
1824 C:\Windows\System32\spoolsv.exe
1848 C:\Windows\System32\svchost.exe
440 C:\Windows\System32\AEstSrv.exe
556 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
576 C:\Program Files\Bonjour\mDNSResponder.exe
1592 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
868 C:\Program Files\Common Files\Motive\McciCMService.exe
1600 C:\Program Files\Common Files\Motive\McciServiceHost.exe
1240 C:\Windows\System32\taskeng.exe
1948 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
2052 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2112 C:\Program Files\McAfee\MPF\MpfSrv.exe
2144 C:\Program Files\Google\Update\GoogleUpdate.exe
2244 C:\Program Files\McAfee\MSK\msksrver.exe
2292 C:\Windows\System32\svchost.exe
2432 C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
2464 C:\Windows\System32\stacsv.exe
2724 C:\Windows\System32\svchost.exe
2760 C:\Windows\System32\svchost.exe
2780 C:\Windows\System32\SearchIndexer.exe
2836 C:\Windows\System32\drivers\XAudio.exe
3480 C:\Windows\System32\dwm.exe
3536 C:\Windows\System32\taskeng.exe
3544 C:\Windows\explorer.exe
3640 C:\Program Files\Google\Update\GoogleUpdate.exe
3676 C:\Program Files\Dell\DellDock\DellDock.exe
3312 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
220 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2816 C:\Program Files\DellTPad\Apoint.exe
492 C:\Windows\OEM02Mon.exe
1196 C:\Windows\System32\igfxtray.exe
3400 C:\Windows\System32\hkcmd.exe
3796 C:\Windows\System32\igfxpers.exe
3736 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3860 C:\Windows\System32\WLTRAY.EXE
1096 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2752 C:\Windows\System32\igfxsrvc.exe
2884 C:\Program Files\Dell\MediaDirect\PCMService.exe
2168 C:\Program Files\ATT-SST\McciTrayApp.exe
2236 C:\Program Files\iTunes\iTunesHelper.exe
3944 C:\Windows\ehome\ehtray.exe
3940 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3916 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2988 C:\Program Files\Digital Line Detect\DLG.exe
4088 C:\Windows\ehome\ehmsas.exe
3100 C:\Program Files\DellTPad\ApMsgFwd.exe
1084 C:\Program Files\DellTPad\hidfind.exe
4016 C:\Program Files\DellTPad\ApntEx.exe
3036 WmiPrvSE.exe
4748 C:\Windows\System32\wbem\WMIADAP.exe
4788 WmiPrvSE.exe
4908 WUDFHost.exe
5392 C:\Windows\System32\SearchProtocolHost.exe
5436 C:\Windows\System32\SearchFilterHost.exe
5692 dllhost.exe
5720 dllhost.exe
5756 C:\Users\valadez\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!

Re: Computer Extremely Slow

Please download Speccy and save to your Desktop.
  • Double-click on setup file and install Speccy on your computer.
  • Start Speccy and give it 30 seconds to 1 minute to load.
  • Then, click File > Save as Text file...
  • Save the report to your Desktop or other location you can remember.
  • Find the report and attach it to your next reply.

Re: Computer Extremely Slow

It's been analyzing for over three hours now.
There's that little spinning circle in the bottom right corner. And under operating system it says analyzing.
Nothing is frozen in the programs; the temperature monitor in Speccy is still moving around. It might just need a long time to finish it.
If this doesn't work, do you know how to do a factory restore on this computer?
It's a Dell 1525 laptop with Vista.
