"Hard drive clusters are partly damaged" message

Discussion in 'Virus and Malware Removal' started by khastings, Dec 27, 2011.

  1. Bobbye Helper on the Fringe Posts: 16,406   +16

    Happy New Year, Karen.

    Please update and run a new Mbam Full Scan in Normal Mode
  2. khastings Newcomer, in training Posts: 36

    MBAM Full Scan in Normal Mode

    Hi Bobbye!

    Thank you for all of your help. A concern I have is that I still can't update Malwarebytes' database, it gives me the error:

    "An error has occurred. Please report this error code to our support team.
    PROGRAM_ERROR_UPDATING (5. 0. CreateFile)
    Access is denied."

    Should I uninstall and reinstall to fix this, do you think?

    Here is the MBAM log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122405

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/2/2012 7:30:49 PM
    mbam-log-2012-01-02 (19-30-49).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 242129
    Time elapsed: 32 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. Bobbye Helper on the Fringe Posts: 16,406   +16

    Karen, here's the scoop on the 3 Malwarebytes scans:
    1. Malwarebytes' Anti-Malware 1.51.2.1300> Normal Mode
    Database version: 911122405
    12/27/2011 1:06:56 PM
    mbam-log-2011-12-27 (13-06-56).txt
    Scan type: Quick scan
    Objects scanned: 185408
    Registry Data Items Infected: 7>>
    Hijacked Start Menu:
    No Desktop
    No ControlPanel
    No MyComputer
    No Help
    No MyDocs
    No Run
    No Search
    --------------------------------------------
    2. Malwarebytes' Anti-Malware 1.51.2.1300> (Safe Mode)
    Database version: 911122405
    Windows 5.1.2600 Service Pack 3
    12/28/2011 11:25:52 PM
    Scan type: Full scan (C:\|)
    Objects scanned: 243392
    Registry Data Items Infected: 6
    Shows all Hijacked Start Menu processes except for No Desktop which was restored when you ran the Unhide program
    ---------------------------------
    >> that's because you were in Safe Mode. It appears you were in just plain Safe Mode and not in Safe Mode with Networking as instructed.

    TDSSKiller: Removed the rootkit processes
    21:40:25.0015 0360 Detected object count: 1
    21:40:25.0015 0360 Actual detected object count: 1
    21:40:35.0296 0360 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Quarantine

    3. Malwarebytes' Anti-Malware 1.51.2.1300> Normal Mode
    Database version: 911122405
    1/2/2012 7:30:49 PM
    mbam-log-2012-01-02 (19-30-49).txt
    Clean!
    --------------------------------------
    Safe Mode: Loads the minimum set of device drivers. User specific startup programs do not run.
    Safe Mode with Networking: Includes the services and drivers needed for network connectivity. Enables logging on to the network, logon scripts, security, and Group Policy settings.
    ============================================
    Do you now have the desktop with icons? Do you now have the My Computer, the Control Panel, your Docs, the Run, Help and Search functions? If not, what are you missing?

    You did not tell me which features in particular you were experiencing regarding the particular malware so I need to know if you are having any remaining problem other than problem with Mbam.
    --------------------------------------------
    You "should" be able to run both Mbam and Combofix with their updates now. Some of our replies were made at the same time, so let's remove these 2 programs now, then download both new and scan. Both should be done in Normal mode:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Then download new Combofix from the link in my directions and run the scan.
    -----------------------------------
    Uninstall Malwarebytes using Add/Remove Programs, then use Windows Explorer to access Computer> Local Drive> Programs> do a right click> Delete on the Mbam folder.
    Download and install new Mbam with this link: HERE. Be sure you're logged into the Administrative Account. Go to my directions again for the full scan.

    I don't think the "access is denied" is a permissions issue, but if you get that with the new download, let me know and we'll fix it.
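    Bobbye's summary above comes from reading three Malwarebytes logs by hand. As an added example (not code from this thread or from Malwarebytes), here is a Python parser for the MBAM 1.5x/1.6x log format that pulls out the header fields, the per-category counts and the detection lines, so several logs can be compared the same way; the sample log is constructed from entries quoted in this thread.

```python
import re
from typing import Dict

# Constructed sample in the Malwarebytes 1.6x log format, assembled from
# entries quoted in this thread (shortened to two detection lines).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows XP Service Pack 3 x86 NTFS
Administrator :: MARTY [administrator]

1/10/2012 11:47:47 AM
mbam-log-2012-01-10 (11-47-47).txt

Scan type: Full scan
Objects scanned: 246194
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

(end)
"""

# "Category Infected: N" (1.5x logs) or "Category Detected: N" (1.6x logs)
COUNT_RE = re.compile(r"^([A-Za-z ]+?) (?:Infected|Detected): (\d+)$")
# "<path or key> (<threat name>) -> <action>."
DETECTION_RE = re.compile(r"^(.*?) \(([^()]+)\) -> (.+?)\.?$")
HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")


def parse_mbam_log(text: str) -> Dict:
    """Return header fields, per-category counts and detection lines from an MBAM 1.x log."""
    result: Dict = {"header": {}, "counts": {}, "detections": []}
    current = None  # category whose detection lines follow
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            result["header"][m.group(1)] = m.group(2)
            continue
        m = COUNT_RE.match(line)
        if m:
            current = m.group(1)
            result["counts"][current] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and current:
            result["detections"].append({
                "category": current, "item": m.group(1),
                "threat": m.group(2), "action": m.group(3)})
    return result


def is_clean(parsed: Dict) -> bool:
    """A scan is clean when every category reports zero and no detection lines were seen."""
    return all(n == 0 for n in parsed["counts"].values()) and not parsed["detections"]


def threats_summary(parsed: Dict) -> Dict[str, int]:
    """Count detections by threat family, the way a helper skims a log."""
    summary: Dict[str, int] = {}
    for d in parsed["detections"]:
        summary[d["threat"]] = summary.get(d["threat"], 0) + 1
    return summary
```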
  4. khastings Newcomer, in training Posts: 36

    Hi Bobbye,
    If I restarted in Safe Mode (without Networking) I did it in error, I apologize. Now when I turn the computer on, the screen goes black though the power indicator is lit. I have to hit the off switch then again to turn it on but it only stays on for about 15 seconds. I can't get the information you need nor uninstall and reinstall the programs and run them. I'll have to try to connect my other screen to proceed, I will try that in the next few hours. Thank you for your patience.
    Karen
  5. khastings Newcomer, in training Posts: 36

    Status & ComboFix info.

    Good morning,
    I am in Normal Mode and uninstalled then reinstalled ComboFix, and I turned off Avast. It still says it is blocking something with regards to ComboFix (a few different things, goes by quick, one is pev something). Then after the black ComboFix screen closes, I get the error: "Warning!! Do not run ComboFix in Compatibility Mode. Doing so may damage the machine." I never get the blue ComboFix screen.
    What I see as still an issue is that the files (i.e. shortcuts on the desktop) are still hidden, and I would believe that there is still a problem because I can't run ComboFix and can't update MBAM. Now my screen goes blank, had to switch screens with another computer. I am not however getting the same error messages in Normal Mode that I was before due to the virus, so we're getting somewhere which is great!
    I'm going to uninstall then reinstall MBAM and run again, will post the results.
    Thanks, Karen
  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    Karen, the black screen can be another result from the malware.

    If the screen goes black when you start up in Normal Mode, then go right into #1 below, follow with #2, then #3 if needed. Then go on with #4, #5 and #6. If needed, do #7.
    ---------------------------
    Let me know if this can be accomplished. If it can or if it cannot, I'd like you to go through this sequence of scans again. Please take care to run in the order given: I have made changes to address your problem specifically.
    --------------------------------------
    If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
    ============================================
    1. Boot into Safe Mode with Networking again.
    ===========================================
    2. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =============================================
    3. Run Unhide again if the display can be changed and you still have missing icons, programs, files, etc.
    ================================
    4. Run RKill again
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    5. Run the TDSSKiller again
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
    ====================================
    6. Try the Malwarebytes Full Scan again.
    =====================================
    7. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    ====================================
    You can now reboot back into Normal Mode.
    ====================================
    If you cannot resolve the black screen and go on, please let me know. I will instruct you in how to get back in and may also have you do an Error Check.

    For my information, do you have System Restore points set? Do not set a new one now- just tell me if there are any restore points.
     
  7. khastings Newcomer, in training Posts: 36

    MBAM Log

    I was able to get Malwarebytes to update once I uninstalled and reinstalled, which is great. Here is the log from the Full Scan in normal mode:
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.10.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: MARTY [administrator]

    1/10/2012 11:47:47 AM
    mbam-log-2012-01-10 (11-47-47).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246194
    Time elapsed: 32 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_16.39.34\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_16.39.34\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_21.39.02\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_21.39.02\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

    (end)
  8. khastings Newcomer, in training Posts: 36

    Hi - sorry, I did not see your post before the MBAM log, but when I plugged in my other screen, it has not since gone black...maybe the screen is junk now, it is a bit old hp 1702. I am now working on your post #26, I do try to be careful to follow your instructions in order, I know it can make all the difference.
    *Question* - I never used "unhide", I went to Folder Options and set View to hidden files and folders. I still see icons as translucent, seem to still be classified as hidden. Do I need to do anything about this before proceeding with your post #26, as my other screen is not going black. If no, shall I start with #4 in that same post? Thanks.
  9. Bobbye Helper on the Fringe Posts: 16,406   +16

    The Hidden File and Folders are hidden because some are Protected System Folders- not having them visible lessens the chance for an accidental delete. If we intentionally needed to access a folder that was hidden, we would use the Folder Options to make it visible.

    But malware puts an attribute in that makes icons, the desktop, the programs and/or random files go missing- it 'hides' features that are not supposed to be 'hidden.'

    Please go back to Folder Options> View tab> check "Do not show hidden files and folders"> Check "Hide Protected System Files (Recommended)"> Apply> OK.
    -------------------------
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    The items being 'hidden' by the malware are not the same ones that are hidden in Folder Options.
    ====================================
    Regarding this "Warning!! Do not run ComboFix in Compatibility Mode." There is a proper use for this as explained below:
    The Compatibility tab is only available for programs that are installed on your hard drive. When you open the program Properties, if it has this tab, you can access it and direct it to run on the OS you now have. And Display settings for the program can be adjusted if needed. But this requires user direct action. Compatibility Mode change isn't done accidentally.

    But I suspect this may be a fake warning from the malware. I'll have you run the following instead:
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
      Note 1: If you cannot run the executable file, download OTL from either of the following links:
      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr
      Note 2: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.

      • Double click the OTL icon to run it.
      • Set Output at the top to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
      • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
  10. khastings Newcomer, in training Posts: 36

    Restore point & OTL.txt file

    Hi Bobbye, the last System restore point was January 10, 2012 at 1:52:23 PM System Checkpoint, I know I created one before but that was back in December trying to fix this myself.

    Here is the OTL.txt file:
    OTL logfile created on: 1/12/2012 3:12:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.13% Memory free
    3.34 Gb Paging File | 3.12 Gb Available in Paging File | 93.35% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.52 Gb Total Space | 18.73 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

    Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12011200\algo.dll ()
    MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
    DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
    DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
    DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
    DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
    DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
    DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
    DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
    DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
    DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
    DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
    DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
    DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
    DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
    DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
    DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
    DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
    DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
    DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



    O1 HOSTS File: ([2011/08/05 19:26:40 | 000,436,668 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 15031 more lines...
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04C49C2E-5528-4A96-A07C-AF3BB1DDEB65}: DhcpNameServer = 4.2.2.1 208.39.140.42
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C976CFF-FA86-4F59-87AA-30F302690AB9}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4569725-BF76-426A-8F96-53BE21D12E0F}: NameServer = 192.168.1.248,192.168.1.247
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/03 06:51:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/12 15:01:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
    [2012/01/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/10 11:28:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/01/10 11:24:44 | 004,377,009 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/12/30 18:41:07 | 000,000,000 | --SD | C] -- C:\friday26551f
    [2011/12/30 16:44:34 | 000,000,000 | --SD | C] -- C:\friday
    [2011/12/30 11:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/30 11:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/30 11:05:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/30 11:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/30 11:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/28 16:35:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/12/27 21:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg
    [2011/12/27 17:24:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/27 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/27 16:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/12/27 16:08:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/12/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/27 16:08:50 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/27 16:08:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/27 16:08:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/27 16:08:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/12/27 16:08:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/27 16:08:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/27 16:08:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/27 16:08:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/27 16:08:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/12/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/12/25 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/23 22:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Fix
    [2011/12/21 11:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VZW Utility Application - LG
    [2011/12/21 11:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2011/12/21 11:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/12 15:12:19 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards (2).url
    [2012/01/12 15:07:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2012/01/12 15:07:25 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad (2).lnk
    [2012/01/12 15:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/12 14:56:07 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
    [2012/01/12 14:39:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/12 14:38:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/10 17:48:57 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 13:29:54 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2012/01/10 11:47:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/10 11:25:04 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2012/01/10 11:24:47 | 004,377,009 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/01/10 11:22:08 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presque Isle, Maine SkyCam.url
    [2011/12/30 20:28:53 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Subscription Received.url
    [2011/12/30 20:23:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:27 | 055,659,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/27 16:08:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
    [2011/12/25 09:12:01 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
    [2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
    [2011/12/25 09:10:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/25 00:02:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/25 00:02:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/23 22:17:53 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/23 09:45:22 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VERIZON EMAIL.url
    [2011/12/23 09:29:20 | 000,444,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/23 09:29:20 | 000,072,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/21 18:03:44 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How to Age and Braise Venison.url
    [2011/12/21 16:50:22 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bay 4 Motorsports Tewksbury MA ... Quality Pre-Owned ATV, Motorcycle, Dirtbike, Snowmobile Dealer. Located in Tewksbury Massachusetts.url
    [2011/12/19 22:50:06 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\U.S. National Debt Clock Real Time.url
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/12 15:12:19 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards (2).url
    [2012/01/12 15:07:25 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad (2).lnk
    [2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/01/12 15:00:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/01/12 15:00:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/12 15:00:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2012/01/12 15:00:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/12 15:00:40 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2012/01/12 15:00:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/12 15:00:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/01/12 15:00:40 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Catalyst Control Center Setup.lnk
    [2012/01/12 15:00:40 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Altiris Aclient.lnk
    [2012/01/12 15:00:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
    [2012/01/12 15:00:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/01/12 15:00:40 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/01/12 14:56:06 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
    [2012/01/10 17:48:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 11:47:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2011/12/30 11:05:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/30 11:05:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/30 11:05:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/30 11:05:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/30 10:38:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2011/12/28 21:46:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:24 | 055,659,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/27 16:08:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:11:59 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
    [2011/12/25 09:11:59 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
    [2011/12/25 09:11:33 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
    [2011/12/25 09:11:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/12/25 09:10:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/21 16:50:22 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bay 4 Motorsports Tewksbury MA ... Quality Pre-Owned ATV, Motorcycle, Dirtbike, Snowmobile Dealer. Located in Tewksbury Massachusetts.url
    [2011/12/21 16:11:54 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How to Age and Braise Venison.url
    [2011/12/21 11:42:23 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/12/19 22:50:06 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\U.S. National Debt Clock Real Time.url
    [2011/09/07 12:55:41 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/22 10:23:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/22 10:23:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/17 21:03:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/12 21:36:39 | 000,086,084 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/29 23:21:21 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
    [2010/12/29 23:21:21 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/07/08 12:39:26 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
    [2008/07/08 09:24:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/07/08 09:24:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
    [2008/07/08 09:07:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/07/08 09:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/07 13:29:16 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/07/07 13:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
    [2008/07/07 13:29:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2008/02/15 06:14:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/15 06:05:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/02/15 06:05:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/02/15 06:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/02/15 06:05:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/02/15 06:04:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/02/15 05:49:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/04/25 12:43:54 | 000,444,886 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/04/25 12:43:54 | 000,072,636 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/02/27 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/05/08 05:12:22 | 000,000,781 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

    ========== LOP Check ==========

    [2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
    [2011/12/25 08:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
    [2008/02/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/12/30 20:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
    [2010/06/03 06:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/12/27 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/20 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2011/12/24 21:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2011/07/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2008/04/13 19:12:35 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\setupn.exe


    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
    [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
    [2006/02/27 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2006/02/27 21:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2011/05/27 15:22:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2006/02/27 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
  11. khastings Newcomer, in training Posts: 36

    Extras.txt file

    OTL Extras logfile created on: 1/12/2012 3:12:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.13% Memory free
    3.34 Gb Paging File | 3.12 Gb Available in Paging File | 93.35% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.52 Gb Total Space | 18.73 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

    Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .scr [@ = DWGTrueViewScriptFile] -- "" "%1"

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
    "C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe" = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:panasonic Communications Utility -- (Panasonic Communications Co., Ltd.)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
    "{13E3F00B-2C9F-48B1-8FAF-3EACCEF2300E}" = Read Me First
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
    "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{695603EE-5D13-4406-A034-B1346652CC4D}" = Windows Firewall Setting Tool
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2CE9587-4442-4A3D-BB4D-2C36CB69707D}" = Panasonic Software Version Information
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5D80887-7F80-4A4D-94CE-64944BEF5525}" = Panasonic Document Management System
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Communications Utility
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "Citrix ICA Client" = Citrix ICA Client
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CutePDF Writer Installation" = CutePDF Writer 2.3
    "DWG TrueView 2011" = DWG TrueView 2011
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HECI" = Intel(R) Management Engine Interface
    "HP-LaserJet 1020 series" = LaserJet 1020 series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{695603EE-5D13-4406-A034-B1346652CC4D}" = Panasonic Windows Firewall Setting Tool
    "InstallShield_{B5D80887-7F80-4A4D-94CE-64944BEF5525}" = Panasonic Document Management System
    "InstallShield_{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Panasonic Communications Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  12. Bobbye Helper on the Fringe Posts: 16,406   +16

    I'm just realizing that I don't have the 2 logs from DDS. Did you run that scan? I went back but didn't see it. Please go ahead and run, leave the 2 logs. Do you have Spybot S&D on the system, with the Immunize feature enabled?
  13. khastings Newcomer, in training Posts: 36

    Hi Bobbye,
I couldn't run that scan initially because I couldn't disable AVG, never went back and ran it. I know in one post you were considering having me run it after reviewing a couple of logs, but we got sidetracked because of all the issues that popped up along the way. I figured out how to remove script blocking protection in avast. When I double-click on the dds icon after downloading it, it is asking me what program with which to open it, it is a .scr file, not a .exe file?

I used to have Spybot but the computer was "cleaned" by an IT tech and I think he removed it. Please advise and thank you!
  14. khastings Newcomer, in training Posts: 36

    Hi again - I got dds.pif downloaded and ran without script blocking, but the DOS screen eventually froze after about 25 "#" accumulated. Then my whole screen froze, this happened twice. I had to hard-shutdown to do anything. Therefore, I can't get any DDS logs for you to post.
  15. Bobbye Helper on the Fringe Posts: 16,406   +16

    The Host files indicate that some type of program is running that blocked bad domains. Basically, this is a good thing. But I have never seen them display as yours do in OTL, let alone say there are 1500 more of them! And many do have Spybot S&D but don't have the blacklisted host files strung out.
    ---------------------------------
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
      IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
      O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
      O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell - "" = AutoRun
      O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
      O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
      [2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
      [2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
      [2011/12/25 09:12:01 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
      [2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
      [2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
      [2008/02/15 06:04:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [clearjavacache]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ======================================================
    Please download Farbar Service Scanner
    • Check Include all files option
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    ===================================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.
    ===================================
    Hopefully there will be some improvement after the OTL Fix.

Please go back to Folder Options in the Control Panel> View tab> Check 'don't show hidden files and folders'> Check 'hide protected system files (Recommended)'> Apply> OK

I think they are still showing from when you wanted to 'see' the files.
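As an added example (not code from this thread, from OldTimer's OTL, or from any of the tools mentioned), here is a small Python triage script that parses the OTL line shapes quoted above and flags the three kinds of entries the OTL fix removes: alternate data streams, MountPoints2 AutoRun commands for removable drives, and random-named files under All Users\Application Data. The sample lines are copied from the logs posted in this thread; the random-name heuristic is an assumption of this example, not an OTL rule.

```python
r"""Triage helper for OTL log lines (added example, not the thread's or OTL's code).

Recognises the three line shapes targeted by the fix above:
  @Alternate Data Stream - 109 bytes -> C:\...\TEMP:DFC5A2B2
  O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
  [2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\...\zNM2RymvUAnRzE
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# [date time | size | attrs | C/M] (Company) -- path
# The "(Company)" part is absent for directories and printed as "()" for
# files with no company name, so it is optional here.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command run on AutoPlay>
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# @Alternate Data Stream - <n> bytes -> <file:stream>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Shared profile folder where the random-named files in this thread were dropped.
SHARED_APPDATA = "\\all users\\application data\\"


@dataclass
class FileEntry:
    date: str
    size: int
    attrs: str
    op: str                  # C = created, M = modified
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str


@dataclass
class Finding:
    kind: str
    detail: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file/folder line; return None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=m["company"],
        path=m["path"],
    )


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example): 10+ alphanumerics mixing upper
    case, lower case and digits, e.g. zNM2RymvUAnRzE or ~zNM2RymvUAnRzEr."""
    core = name.lstrip("~")
    if not re.fullmatch(r"[A-Za-z0-9]{10,}", core):
        return False
    return (any(c.islower() for c in core) and any(c.isupper() for c in core)
            and any(c.isdigit() for c in core))


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk OTL log lines and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("alternate_data_stream", m["path"]))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(Finding("autorun_command", m["cmd"]))
            continue
        entry = parse_file_entry(line)
        if entry and SHARED_APPDATA in entry.path.lower():
            name = entry.path.rsplit("\\", 1)[-1]
            # Skip directories ("D" in the attribute column); flag random-named files.
            if "D" not in entry.attrs and looks_random(name):
                findings.append(Finding("random_name_appdata", entry.path))
    return findings


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LINES = [
    r"@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2",
    r'O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe',
    r"[2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE",
    r"[2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr",
    r"[2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:24} {f.detail}")
```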
  16. khastings Newcomer, in training Posts: 36

    OTL Log

Hi there Bobbye!

    OTL logfile created on: 1/21/2012 5:07:33 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 68.43% Memory free
    3.34 Gb Paging File | 3.08 Gb Available in Paging File | 92.26% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.52 Gb Total Space | 17.82 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

    Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12012101\algo.dll ()
    MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
    DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
    DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
    DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
    DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
    DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
    DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
    DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
    DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
    DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
    DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
    DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
    DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
    DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
    DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
    DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
    DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
    DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
    DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



    O1 HOSTS File: ([2012/01/21 17:04:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234 (MUWebControl Class)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C976CFF-FA86-4F59-87AA-30F302690AB9}: DhcpNameServer = 192.168.1.1 71.243.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/03 06:51:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/21 17:03:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/12 15:01:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
    [2012/01/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/10 11:28:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2011/12/30 18:41:07 | 000,000,000 | --SD | C] -- C:\friday26551f
    [2011/12/30 16:44:34 | 000,000,000 | --SD | C] -- C:\friday
    [2011/12/30 11:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/30 11:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/30 11:05:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/30 11:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/30 11:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/28 16:35:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/12/27 21:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg
    [2011/12/27 17:24:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/27 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/27 16:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/12/27 16:08:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/12/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/27 16:08:50 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/27 16:08:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/27 16:08:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/27 16:08:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/12/27 16:08:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/27 16:08:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/27 16:08:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/27 16:08:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/27 16:08:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/12/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/12/25 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/23 22:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Fix

    ========== Files - Modified Within 30 Days ==========

    [2012/01/21 17:10:42 | 000,445,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/21 17:10:42 | 000,072,970 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/21 17:06:48 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2012/01/21 17:06:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/21 17:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/21 17:04:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/01/21 10:29:55 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
    [2012/01/21 10:11:00 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presque Isle, Maine SkyCam.url
    [2012/01/15 18:26:31 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
    [2012/01/15 12:26:16 | 000,394,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/13 00:17:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/13 00:10:59 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2012/01/12 15:07:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2012/01/12 15:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/10 17:48:57 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 11:25:04 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2011/12/30 20:28:53 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Subscription Received.url
    [2011/12/30 20:23:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:27 | 055,659,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/27 16:08:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:10:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/25 00:02:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/23 09:45:22 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VERIZON EMAIL.url

    ========== Files Created - No Company Name ==========

    [2012/01/21 10:29:55 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
    [2012/01/15 18:26:31 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
    [2012/01/13 00:10:59 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/01/12 15:00:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/12 15:00:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2012/01/12 15:00:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/12 15:00:40 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2012/01/12 15:00:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/12 15:00:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/01/12 15:00:40 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Catalyst Control Center Setup.lnk
    [2012/01/12 15:00:40 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Altiris Aclient.lnk
    [2012/01/12 15:00:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
    [2012/01/12 15:00:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/01/12 15:00:40 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/01/10 17:48:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2011/12/30 11:05:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/30 11:05:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/30 11:05:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/30 11:05:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/30 10:38:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2011/12/28 21:46:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:24 | 055,659,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/27 16:08:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:11:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/12/25 09:10:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/21 11:42:23 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/09/07 12:55:41 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/22 10:23:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/22 10:23:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/17 21:03:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/12 21:36:39 | 000,086,084 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/29 23:21:21 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
    [2010/12/29 23:21:21 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/07/08 12:39:26 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
    [2008/07/08 09:24:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/07/08 09:24:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
    [2008/07/08 09:07:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/07/08 09:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/07 13:29:16 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/07/07 13:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
    [2008/07/07 13:29:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2008/02/15 06:14:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/15 06:05:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/02/15 06:05:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/02/15 06:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/02/15 06:05:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/02/15 05:49:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/04/25 12:43:54 | 000,445,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/04/25 12:43:54 | 000,072,970 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/02/27 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/05/08 05:12:22 | 000,000,781 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

    ========== LOP Check ==========

    [2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
    [2011/12/25 08:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
    [2008/02/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/12/30 20:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
    [2010/06/03 06:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/12/27 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/20 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2011/12/24 21:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2011/07/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
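As an added example (not from this thread, and not OTL's own code), here is a Python script that reads OTL report lines in the format above and pulls out what a helper scans for by eye: entries created or modified close to the report date, GUID-named folders under Application Data, and Alternate Data Streams whose name is not one Windows or a browser normally creates. The sample lines are copied from the LOP Check and ADS sections above except the Zone.Identifier line, which is constructed to show the benign case; the report date and the 30-day window are assumptions, as is the list of benign stream names.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the OTL report format shown above: LOP Check directory
# entries, one System32 file entry and the ADS line are copied from the log; the
# Zone.Identifier line is made up to show a stream that is normal to see.
SAMPLE_OTL = r"""
[2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Administrator\Desktop\setup.exe:Zone.Identifier
"""

# [timestamp | size | attrs | C or M] (optional "()") -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \(\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> path:stream   (last colon separates the stream)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+):(?P<stream>[^:\\/]+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Streams Windows and browsers create routinely (assumed list); anything else gets flagged.
BENIGN_STREAMS = {"Zone.Identifier", "encryptable", "favicon"}

# Assumed report date (the FSS log in this thread was run on 21-01-2012).
REPORT_DATE = datetime(2012, 1, 21)


def parse_otl_line(line):
    """Return a dict for a file/dir entry or an ADS entry, else None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m:
        return {
            "type": "entry",
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],  # C = listed as created, M = listed as modified
            "path": m["path"],
        }
    m = ADS_RE.match(line.strip())
    if m:
        return {"type": "ads", "size": int(m["size"]), "path": m["path"], "stream": m["stream"]}
    return None


def triage(report_text, report_date, recent_days=30):
    """Return (kind, path) findings worth a second look; an empty list means nothing stood out."""
    findings = []
    cutoff = report_date - timedelta(days=recent_days)
    for line in report_text.splitlines():
        rec = parse_otl_line(line)
        if rec is None:
            continue
        if rec["type"] == "ads":
            if rec["stream"] not in BENIGN_STREAMS:
                findings.append(("unexpected_ads", rec["path"] + ":" + rec["stream"]))
            continue
        name = rec["path"].rsplit("\\", 1)[-1]
        if rec["is_dir"] and GUID_RE.match(name):
            findings.append(("guid_named_dir", rec["path"]))
        if rec["ts"] >= cutoff:
            what = "recent_modified" if rec["kind"] == "M" else "recent_created"
            findings.append((what, rec["path"]))
    return findings


def triage_sample():
    return triage(SAMPLE_OTL, REPORT_DATE)


if __name__ == "__main__":
    for kind, path in triage_sample():
        print(f"{kind:16} {path}")
```

Run it as a script to print the findings for the sample, or pass the text of a saved OTL.txt to triage(). The ADS check is the one that matters here: a stream with a random-looking hex name attached to a data directory is not something ordinary software creates, so it deserves its own line in the findings rather than being lost among hundreds of file entries.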
  17. khastings Newcomer, in training Posts: 36

    FSS Log

    There was no "include all files" checkbox, so I checked all the boxes myself, I hope what I did was correct. Here is the log:

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Administrator (administrator) on 21-01-2012 at 17:14:05
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0C000000040000000100000002000000030000000B00000008000000090000000A0000000C000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
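As an added example (not from this thread, and not Farbar's code), here is a Python script that reads a Farbar Service Scanner log in the format above and reports the things a helper checks by eye: a service that is not running, a start type that differs from the default, a ServiceDll loaded from somewhere other than its known location, a file whose MD5 did not match, and a connectivity test that failed. The BITS block, the Connection Status lines and the "MD5 is legit" lines are copied from the log above; the wscsvc block, the drivers\wscsvc.dll path and the "MD5 is NOT legit" verdict are constructed so the checks have something to flag, and that negative-case wording is an assumption about FSS output. The expected ServiceDll table is the example's own.

```python
import re

# Constructed sample in the FSS format shown above.  The BITS and Connection
# Status lines are copied from the log; the wscsvc block, the drivers\wscsvc.dll
# path and the "NOT legit" verdict are made up (assumed wording) for the bad cases.
SAMPLE_FSS = r"""
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ServiceDll of wscsvc: "C:\WINDOWS\system32\drivers\wscsvc.dll".

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is NOT legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
"""

# Where XP SP3 loads these svchost-hosted services from (this example's own table,
# lower-cased for comparison).
EXPECTED_SERVICEDLL = {
    "bits": r"c:\windows\system32\qmgr.dll",
    "wuauserv": r"c:\windows\system32\wuauserv.dll",
    "wscsvc": r"c:\windows\system32\wscsvc.dll",
}

NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
START_TYPE_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<cur>\w+)\. "
    r"The default start type is (?P<dft>\w+)\.$"
)
SERVICEDLL_RE = re.compile(r'^The ServiceDll of (?P<svc>\S+): "(?P<dll>[^"]+)"\.$')
MD5_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is (?P<verdict>.+)$")
CONN_RE = re.compile(r"^(?P<host>Localhost|Google IP|Yahoo IP) is (?P<state>.+)\.$")


def analyze_fss(text):
    """Walk an FSS log and return (kind, detail) findings; an empty list means nothing was flagged."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING_RE.match(line):
            findings.append(("service_not_running", m["svc"]))
        elif m := START_TYPE_RE.match(line):
            if m["cur"].lower() != m["dft"].lower():
                findings.append(("start_type_changed", f"{m['svc']}: {m['cur']} (default {m['dft']})"))
        elif m := SERVICEDLL_RE.match(line):
            expected = EXPECTED_SERVICEDLL.get(m["svc"].lower())
            if expected and m["dll"].lower() != expected:
                findings.append(("servicedll_mismatch", f"{m['svc']}: {m['dll']}"))
        elif m := MD5_RE.match(line):
            # Anything other than the exact "legit" verdict is treated as a mismatch.
            if m["verdict"].strip().lower() != "legit":
                findings.append(("md5_mismatch", m["path"]))
        elif m := CONN_RE.match(line):
            if m["state"].lower() != "accessible":
                findings.append(("connectivity", f"{m['host']}: {m['state']}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze_fss(SAMPLE_FSS):
        print(f"{kind:22} {detail}")
```

On the real log above this reports only the two BITS findings (service not running, start type Demand instead of Auto), which is exactly what the helper acts on in the next reply; a ServiceDll pointing outside System32 or a failed MD5 check on tcpip.sys or afd.sys would be the sign of a patched networking stack and is the reason FSS checks those files at all.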
  18. khastings Newcomer, in training Posts: 36

    other info.

    I uninstalled Java then installed, it is now Java 6 Update 30.
I had checked "don't show hidden files and folders", then downloaded unhide.exe and ran it; I thought that was before I did my last postings 5 days ago. I did go and check those two settings, and they match what you told me. Hopefully we're progressing! Thank you so much!
    Karen
  19. Bobbye Helper on the Fringe Posts: 16,406   +16

    There are some entries in the log that I wouldn't expect to see logged. They are puzzling, but not necessarily bad.

    System is getting better, but not clean yet: Have you noticed any improvement?

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
      [2012/01/21 10:29:55 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
      [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
      :Files
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =========================================
    Please run this after OTL Fix: MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    Next, look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
    ========================================
    Edit: Forgot this: Click on start> Run> type in services.msc> Enter> Find and double click on Background Intelligent Transfer Service (BITS)> Set Startup type to Manual.
  20. khastings Newcomer, in training Posts: 36

    OTL Log

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jfwhite.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webex.com\ deleted successfully.
    File C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url not found.
    C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url moved successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 148828 bytes
    ->Temporary Internet Files folder emptied: 1142270 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1365002 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 01222012_140655

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZM3UH6LH\topic175275-2[1].html moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...