Solved Xp copy of mbr


elseco60

Please help, my computer crashes every time in normal mode.
In safe mode it sometimes works for about 5 min.
It gives me a blue screen.
 

Attachments

  • rapport-1.txt (3.5 KB)
Welcome aboard


Let's see if we can look at your computer by booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Thank you for your reply.
Here is the OTL log.
Please guide me on the next steps.
 

Attachments

  • OTL.Txt (84.2 KB)
Sorry, I am new. Here it is:

OTL logfile created on: 10/24/2010 6:38:20 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 262.00 Mb Available Physical Memory | 55.00% Memory free
382.00 Mb Paging File | 290.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.72 Gb Total Space | 0.69 Gb Free Space | 0.77% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 35.43 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 4.43 Gb Total Space | 2.31 Gb Free Space | 52.20% Space Free | Partition Type: FAT32
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 00:11:14 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2010/08/13 16:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/26 00:29:41 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/10/27 18:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/04 15:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 15:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/04 15:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/04 15:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/04 15:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/04 15:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 15:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 15:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 15:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/04 15:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 15:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 15:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/04 15:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/04 15:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 15:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2004/08/04 03:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 19:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2004/08/03 19:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bryan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE - HKU\Bryan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jackie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE - HKU\Jackie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Maio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15486&l=dis
IE - HKU\Maio_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Maio_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Walter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Walter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Walter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/24 20:14:08 | 000,001,468 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Bryan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Bryan_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Jackie_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Jackie_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Maio_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Maio_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Walter_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Walter_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1282796920\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\Bryan_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Jackie_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Maio_ON_C..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Maio\LOCALS~1\Temp\Ppc.exe File not found
O4 - HKU\Maio_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Owner_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Walter_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bryan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jackie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maio_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Walter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/27 22:03:16 | 000,000,060 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/18 14:04:24 | 000,000,090 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/21 23:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\Paint.NET
[2010/10/21 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\WMTools Downloaded Files
[2010/10/21 20:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/10/18 23:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\NCH Swift Sound
[2010/10/18 23:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Macromedia
[2010/10/18 23:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Adobe
[2010/10/18 23:34:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bryan\PrivacIE
[2010/10/18 23:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\Google
[2010/10/18 23:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Google
[2010/10/18 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\AskToolbar
[2010/10/18 23:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Apple Computer
[2010/10/18 23:32:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bryan\IETldCache
[2010/10/18 23:32:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Bryan\Application Data\Microsoft
[2010/10/18 23:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bryan\SendTo
[2010/10/18 23:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bryan\Recent
[2010/10/18 23:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bryan\Application Data
[2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\Start Menu
[2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\My Documents\My Pictures
[2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\My Documents\My Music
[2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\My Documents
[2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\Favorites
[2010/10/18 23:32:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bryan\Cookies
[2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\Templates
[2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\PrintHood
[2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\NetHood
[2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\Local Settings
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\You've Got Pictures Screensaver
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\WINDOWS
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\SampleView
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\Microsoft
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Identities
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Desktop
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\AOL
[2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/10/16 20:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\Temp
[2010/10/13 17:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\Syntrillium
[2010/10/13 17:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
[2010/10/09 01:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/10/09 01:39:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Maio\Desktop\ATF-Cleaner.exe
[2010/10/06 17:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/06 16:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/10/06 00:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\AdobeUM
[2010/10/06 00:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\Adobe
[2010/10/06 00:38:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/06 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\Sun
[2010/10/05 23:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Desktop\am
[2010/10/05 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\My Documents\CADV 250
[2010/10/05 00:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Local Settings\Application Data\Apple
[2010/10/04 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Desktop\Music
[2010/10/04 23:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\My Documents\FrostWire
[2010/10/04 23:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Application Data\FrostWire
[2010/10/04 22:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/04 22:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Local Settings\Application Data\Microsoft Help
[2010/10/04 22:37:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/10/04 22:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/04 22:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Application Data\Template
[2010/10/04 21:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2010/10/04 21:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/09/29 21:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\AskToolbar
[2010/09/28 23:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\NCH Swift Sound
[2010/09/28 23:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2010/09/25 17:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\Apple
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 20:08:44 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/24 20:08:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/24 19:58:54 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/24 19:57:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/24 19:57:24 | 501,731,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/24 16:53:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/24 16:48:26 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/24 16:48:26 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/23 20:16:55 | 000,003,848 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/10/22 18:35:27 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Maio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/22 00:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/10/21 22:09:22 | 003,065,826 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Young Pride Pocket Full Of Dreams(produced by Ayy b-beats).mp3
[2010/10/20 00:18:41 | 000,404,114 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\gyfhkjhl.wav
[2010/10/20 00:14:28 | 000,538,924 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fx3.wav
[2010/10/20 00:01:22 | 001,759,190 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.5- On My Job.mp3
[2010/10/20 00:00:12 | 001,483,546 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.6 (We Love Everybody).mp3
[2010/10/19 00:26:52 | 000,102,398 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\trhut.wav
[2010/10/19 00:16:03 | 000,762,372 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\trhtyj.wav
[2010/10/19 00:15:03 | 001,135,804 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Jingle Bells, Instrumental.mp3
[2010/10/19 00:11:23 | 000,022,950 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\drhth.wav
[2010/10/19 00:10:00 | 000,422,994 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\How to make a glow torch.mp3
[2010/10/18 23:34:29 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Internet.lnk
[2010/10/18 23:32:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/18 23:32:39 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Windows Media Player.lnk
[2010/10/18 00:38:58 | 001,035,126 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fs.wav
[2010/10/17 23:47:24 | 000,266,666 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\wooo.wav
[2010/10/17 23:37:17 | 002,730,977 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\DEVO - Working In A Coalmine.mp3
[2010/10/17 23:03:15 | 000,318,706 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fx2.wav
[2010/10/17 02:56:27 | 000,304,142 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\op;'l.wav
[2010/10/17 02:54:42 | 001,629,236 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\20101017-0253-[www.flvto.com].mp3
[2010/10/17 02:40:42 | 004,659,023 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Example - Kickstarts Bar 9 Remix.mp3
[2010/10/16 00:16:37 | 002,421,906 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\begin.wav
[2010/10/16 00:13:26 | 001,212,600 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\huyiyhuo.wav
[2010/10/16 00:13:10 | 001,211,976 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\tfijhgk.wav
[2010/10/16 00:09:53 | 004,369,377 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Noisses - End Of.mp3
[2010/10/16 00:08:22 | 005,819,277 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\The Streets - In The Middle (Nero Remix).mp3
[2010/10/15 00:53:10 | 002,402,862 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\sun3.wav
[2010/10/15 00:48:05 | 001,209,304 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\sun2.wav
[2010/10/15 00:22:30 | 000,307,624 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fx.wav
[2010/10/15 00:20:37 | 001,208,978 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\sun.wav
[2010/10/15 00:20:13 | 003,065,762 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Soulja Boy - Touchdown Instrumental (W Hook) && DL.mp3
[2010/10/14 23:47:46 | 004,974,582 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Cassius - The Sound Of Violence (Tha Trickaz Remix).mp3
[2010/10/12 19:42:45 | 000,717,712 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\929296.wav
[2010/10/12 19:33:14 | 000,714,700 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\515151.wav
[2010/10/12 19:30:18 | 003,204,525 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Krypton and nGage - Forget Me Now.mp3
[2010/10/12 00:25:15 | 002,289,892 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why4.wav
[2010/10/11 00:07:18 | 001,320,000 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why3.wav
[2010/10/10 23:21:28 | 001,936,052 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why2.wav
[2010/10/10 23:06:55 | 000,970,482 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why1.wav
[2010/10/09 02:53:44 | 001,464,412 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\oy8uoj.wav
[2010/10/09 02:26:34 | 001,455,566 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\ahhhh.wav
[2010/10/09 01:39:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Maio\Desktop\ATF-Cleaner.exe
[2010/10/07 18:54:12 | 000,198,299 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\328.flp
[2010/10/06 23:05:20 | 002,914,600 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\gyi7y97.wav
[2010/10/06 22:57:47 | 002,197,548 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\i8yt88t6.wav
[2010/10/06 17:19:00 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/06 00:51:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 21:31:03 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/04 22:31:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/10/04 22:18:19 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\Microsoft Works.LNK
[2010/10/04 22:17:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jackie\Application Data\wklnhst.dat
[2010/09/30 20:09:20 | 000,582,226 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\75566.wav
[2010/09/30 19:56:40 | 000,631,388 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\dgfb dgfbn.wav
[2010/09/30 19:49:57 | 000,156,066 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\dxrfthuo[.wav
[2010/09/30 19:49:11 | 000,156,730 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\rhygi.wav
[2010/09/30 19:05:08 | 000,315,476 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\ergte.wav
[2010/09/28 23:31:16 | 002,360,988 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\1.wav
[2010/09/28 23:23:38 | 003,661,772 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\drtyuhjtfuff9i6.mp3
[2010/09/28 23:12:08 | 000,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 16:21:41 | 501,731,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/22 00:38:29 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/10/21 22:09:22 | 003,065,826 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Young Pride Pocket Full Of Dreams(produced by Ayy b-beats).mp3
[2010/10/20 00:18:41 | 000,404,114 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\gyfhkjhl.wav
[2010/10/20 00:14:27 | 000,538,924 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fx3.wav
[2010/10/20 00:01:22 | 001,759,190 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.5- On My Job.mp3
[2010/10/20 00:00:12 | 001,483,546 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.6 (We Love Everybody).mp3
[2010/10/19 00:16:03 | 000,762,372 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\trhtyj.wav
[2010/10/19 00:14:49 | 001,135,804 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Jingle Bells, Instrumental.mp3
[2010/10/19 00:11:26 | 000,102,398 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\trhut.wav
[2010/10/19 00:11:19 | 000,022,950 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\drhth.wav
[2010/10/19 00:09:55 | 000,422,994 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\How to make a glow torch.mp3
[2010/10/18 23:34:29 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Internet.lnk
[2010/10/18 23:32:39 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Windows Media Player.lnk
[2010/10/18 23:32:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/18 23:32:28 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/10/18 23:32:28 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2010/10/18 23:32:27 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/18 00:38:57 | 001,035,126 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fs.wav
[2010/10/17 23:41:42 | 000,266,666 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\wooo.wav
[2010/10/17 23:37:16 | 002,730,977 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\DEVO - Working In A Coalmine.mp3
[2010/10/17 23:03:14 | 000,318,706 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fx2.wav
[2010/10/17 02:56:27 | 000,304,142 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\op;'l.wav
[2010/10/17 02:54:42 | 001,629,236 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\20101017-0253-[www.flvto.com].mp3
[2010/10/17 02:40:42 | 004,659,023 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Example - Kickstarts Bar 9 Remix.mp3
[2010/10/16 00:16:36 | 002,421,906 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\begin.wav
[2010/10/16 00:13:26 | 001,212,600 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\huyiyhuo.wav
[2010/10/16 00:13:10 | 001,211,976 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\tfijhgk.wav
[2010/10/16 00:09:49 | 004,369,377 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Noisses - End Of.mp3
[2010/10/16 00:08:22 | 005,819,277 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\The Streets - In The Middle (Nero Remix).mp3
[2010/10/15 00:53:10 | 002,402,862 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\sun3.wav
[2010/10/15 00:48:04 | 001,209,304 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\sun2.wav
[2010/10/15 00:22:29 | 000,307,624 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fx.wav
[2010/10/15 00:20:36 | 001,208,978 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\sun.wav
[2010/10/15 00:20:13 | 003,065,762 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Soulja Boy - Touchdown Instrumental (W Hook) && DL.mp3
[2010/10/14 23:47:46 | 004,974,582 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Cassius - The Sound Of Violence (Tha Trickaz Remix).mp3
[2010/10/12 19:40:13 | 000,717,712 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\929296.wav
[2010/10/12 19:33:13 | 000,714,700 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\515151.wav
[2010/10/12 19:30:18 | 003,204,525 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Krypton and nGage - Forget Me Now.mp3
[2010/10/11 00:11:09 | 002,289,892 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why4.wav
[2010/10/11 00:07:17 | 001,320,000 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why3.wav
[2010/10/10 23:21:27 | 001,936,052 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why2.wav
[2010/10/10 23:06:54 | 000,970,482 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why1.wav
[2010/10/09 02:51:49 | 001,464,412 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\oy8uoj.wav
[2010/10/09 02:26:34 | 001,455,566 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\ahhhh.wav
[2010/10/06 23:05:19 | 002,914,600 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\gyi7y97.wav
[2010/10/06 22:57:46 | 002,197,548 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\i8yt88t6.wav
[2010/10/06 00:34:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/04 22:18:18 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\Microsoft Works.LNK
[2010/10/04 22:17:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jackie\Application Data\wklnhst.dat
[2010/09/30 20:07:42 | 000,582,226 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\75566.wav
[2010/09/30 19:49:57 | 000,156,066 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\dxrfthuo[.wav
[2010/09/30 19:49:10 | 000,156,730 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\rhygi.wav
[2010/09/30 19:10:46 | 000,631,388 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\dgfb dgfbn.wav
[2010/09/30 19:05:08 | 000,315,476 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\ergte.wav
[2010/09/28 23:31:16 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Maio\Application Data\WavCodec.wff
[2010/09/28 23:31:15 | 002,360,988 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\1.wav
[2010/09/28 23:23:38 | 003,661,772 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\drtyuhjtfuff9i6.mp3
[2010/09/28 23:11:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/09/19 23:45:44 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Maio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 01:43:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 00:24:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/08/26 00:23:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/08/26 00:16:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 04:58:31 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/01 04:58:30 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/01 04:58:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/01 04:58:27 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/01 04:58:27 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/01 04:58:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/01 04:58:23 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/01/03 21:24:22 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Walter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/10/18 23:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\NCH Swift Sound
[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\SampleView
[2010/10/05 00:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackie\Application Data\FrostWire
[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackie\Application Data\SampleView
[2010/10/04 22:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackie\Application Data\Template
[2010/10/09 01:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maio\Application Data\NCH Swift Sound
[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maio\Application Data\SampleView
[2010/08/27 00:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\SampleView
[2010/08/26 01:34:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2010/09/10 01:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/10/22 00:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========


< End of report >
 
One of your serious problems is this:
Drive C: | 88.72 Gb Total Space | 0.69 Gb Free Space | 0.77% Space Free
I'm surprised, your computer boots at all.

========================================================================

Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
IE - HKU\Maio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15486&l=dis
IE - HKU\Maio_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Bryan_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Jackie_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Maio_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Walter_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\Maio_ON_C..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Maio\LOCALS~1\Temp\Ppc.exe File not found
[2010/10/18 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\AskToolbar
[2010/10/04 21:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/09/29 21:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\AskToolbar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/08/26 01:34:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2010/09/10 01:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job


:Services

:Reg

:Files
C:\Program Files\Ask.com


:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into windows.


Let me know, if the computer is any more stable.
If so, start moving stuff out (to USB stick, external drive, CDs....)
Start with tons of music files on your desktop.
Uninstall unused programs.
 
Hello

Thanks for your help

Yes my computer seems to be more stable after the scan

It's still slow, especially when I go to Internet Explorer

I have a question in regards to moving my son’s music which is on the desktop

If I move it to the “D” drive on the same computer will that improve the performance?

Also at shutdown, it gives a BSOD with this message

“a device driver attempting to corrupt the system has been caught.
The faulty driver currently on the kernel stack must be replaced with a working version………"

Stop 0x000000C4, etc., etc.

The OTL log is too big to post here. It's a total of 556,514 characters. The post only allows 50,000 characters. Is it normal for the log to be so large? Or am I doing something wrong?

Thanks.
 
Yes my computer seems to be more stable after the scan
That's all we need for now.
It'll allow us to run some more tools.

Moving stuff to drive D will be perfectly fine.

Let me know when you have achieved more space.
I don't want to ask you to download more tools when your hard drive is screaming for free space.

We'll go from there.
 
Well, we just barely started....

STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


STEP 3. Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.



DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4971

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/27/2010 8:37:18 PM
mbam-log-2010-10-27 (20-37-18).txt

Scan type: Quick scan
Objects scanned: 184415
Time elapsed: 21 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi,
I am having problems trying to run GMER in normal mode; it gives a BSOD.
I have to reboot every time,
so I decided to run it in safe mode. I do not know if that is OK.
But I got another problem: I cannot see the Copy or the Save button at the bottom of the screen, so when the scan finished I can copy to desktop.
Looks like the resolution is too big.
I tried to change it from 640x80 to 1024x768 but it does not change.
Any suggestions will be appreciated.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry for the delay. I was able to run ComboFix in safe mode; here is the log:
ComboFix 10-10-30.01 - Owner 10/30/2010 15:39:09.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.1225 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\check_LSA7.txt
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-28 03:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 03:03 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 02:35 . 2010-05-26 17:39 6144 ------w- c:\windows\system32\1C.tmp
2010-10-28 02:32 . 2010-05-26 17:39 6144 ------w- c:\windows\system32\1B.tmp
2010-10-28 02:31 . 2010-05-26 17:39 6144 ------w- c:\windows\system32\1A.tmp
2010-10-28 02:31 . 2010-10-28 02:31 -------- d-----w- c:\program files\Sophos
2010-10-28 01:47 . 2010-10-28 02:40 -------- d-----w- c:\windows\BDOSCAN8
2010-10-22 00:38 . 2010-10-22 00:39 -------- d-----w- c:\program files\Paint.NET
2010-10-19 03:32 . 2010-10-19 03:34 -------- d-----w- c:\documents and settings\Bryan
2010-10-17 00:03 . 2010-10-17 00:03 -------- d-----w- c:\documents and settings\Walter\Local Settings\Application Data\Temp
2010-10-13 21:11 . 2010-01-03 05:34 -------- d-----w- c:\program files\coolpro2
2010-10-09 05:45 . 2010-10-09 05:45 -------- d-----w- c:\program files\NCH Swift Sound
2010-10-06 20:55 . 2010-10-06 20:55 -------- d-----w- c:\windows\system32\LogFiles
2010-10-06 04:38 . 2010-10-06 04:38 -------- d-----w- c:\windows\Sun
2010-10-05 04:03 . 2010-10-05 04:03 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Apple
2010-10-05 03:47 . 2010-10-05 04:57 -------- d-----w- c:\documents and settings\Jackie\Application Data\FrostWire
2010-10-05 02:39 . 2010-10-05 02:39 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Microsoft Help
2010-10-05 02:39 . 2010-10-08 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-10-05 02:37 . 2010-10-05 02:37 -------- d-----r- C:\MSOCache
2010-10-05 02:28 . 2010-10-05 02:28 -------- d-----w- c:\program files\Microsoft.NET
2010-10-05 02:17 . 2010-10-05 02:17 -------- d-----w- c:\documents and settings\Jackie\Application Data\Template

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 23:59 . 2005-01-01 07:13 90112 ----a-w- c:\windows\DUMP3f6a.tmp
2010-09-07 15:12 . 2010-08-29 20:30 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-08-29 20:30 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-08-29 20:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-08-29 20:31 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-08-29 20:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-08-29 20:31 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-08-29 20:31 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-08-29 20:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-08-29 20:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-27 02:32 . 2010-08-27 02:32 1726 ----a-w- c:\windows\ndinst.exe
2010-08-27 02:32 . 2010-08-27 02:32 14750 ----a-w- c:\windows\system32\mdc8021x.vxd
2010-08-26 04:29 . 2010-08-26 04:29 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-08-26 04:29 . 2010-08-26 04:29 24576 -c--a-w- c:\windows\system32\prefscpl.cpl
2010-08-10 13:15 . 2010-08-10 13:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 13:15 . 2010-08-10 13:15 69632 -c--a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HostManager"="c:\program files\Common Files\AOL\1282796920\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1282796920\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\My Backup -- 10-08-25 0837PM\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2010 1:31 PM 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2010 1:31 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2010 5:58 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1C.tmp [10/27/2010 7:35 PM 6144]
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

2010-08-26 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-20 19:00]

2010-09-10 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-20 19:00]

2010-10-22 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-09 05:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 15:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-30 15:48:21
ComboFix-quarantined-files.txt 2010-10-30 22:48

Pre-Run: 3,538,640,896 bytes free
Post-Run: 3,498,303,488 bytes free

- - End Of File - - 1C00B464BE4E05EC6B82484CB796A26D
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\1A.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1C.tmp
c:\windows\DUMP3f6a.tmp
c:\windows\Tasks\ISP signup reminder 1.job
c:\windows\Tasks\ISP signup reminder 3.job


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Hi again, here it is
ComboFix 10-10-30.01 - Owner 10/30/2010 19:48:51.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.1226 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\DUMP3f6a.tmp"
"c:\windows\system32\1A.tmp"
"c:\windows\system32\1B.tmp"
"c:\windows\system32\1C.tmp"
"c:\windows\Tasks\ISP signup reminder 1.job"
"c:\windows\Tasks\ISP signup reminder 3.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DUMP3f6a.tmp
c:\windows\system32\1A.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1C.tmp
c:\windows\Tasks\ISP signup reminder 1.job
c:\windows\Tasks\ISP signup reminder 3.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-28 03:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 03:03 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 02:31 . 2010-10-28 02:31 -------- d-----w- c:\program files\Sophos
2010-10-28 01:47 . 2010-10-28 02:40 -------- d-----w- c:\windows\BDOSCAN8
2010-10-22 00:38 . 2010-10-22 00:39 -------- d-----w- c:\program files\Paint.NET
2010-10-19 03:32 . 2010-10-19 03:34 -------- d-----w- c:\documents and settings\Bryan
2010-10-17 00:03 . 2010-10-17 00:03 -------- d-----w- c:\documents and settings\Walter\Local Settings\Application Data\Temp
2010-10-13 21:11 . 2010-01-03 05:34 -------- d-----w- c:\program files\coolpro2
2010-10-09 05:45 . 2010-10-09 05:45 -------- d-----w- c:\program files\NCH Swift Sound
2010-10-06 20:55 . 2010-10-06 20:55 -------- d-----w- c:\windows\system32\LogFiles
2010-10-06 04:38 . 2010-10-06 04:38 -------- d-----w- c:\windows\Sun
2010-10-05 04:03 . 2010-10-05 04:03 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Apple
2010-10-05 03:47 . 2010-10-05 04:57 -------- d-----w- c:\documents and settings\Jackie\Application Data\FrostWire
2010-10-05 02:39 . 2010-10-05 02:39 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Microsoft Help
2010-10-05 02:39 . 2010-10-08 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-10-05 02:37 . 2010-10-05 02:37 -------- d-----r- C:\MSOCache
2010-10-05 02:28 . 2010-10-05 02:28 -------- d-----w- c:\program files\Microsoft.NET
2010-10-05 02:17 . 2010-10-05 02:17 -------- d-----w- c:\documents and settings\Jackie\Application Data\Template

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:12 . 2010-08-29 20:30 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-08-29 20:30 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-08-29 20:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-08-29 20:31 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-08-29 20:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-08-29 20:31 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-08-29 20:31 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-08-29 20:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-08-29 20:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-27 02:32 . 2010-08-27 02:32 1726 ----a-w- c:\windows\ndinst.exe
2010-08-27 02:32 . 2010-08-27 02:32 14750 ----a-w- c:\windows\system32\mdc8021x.vxd
2010-08-26 04:29 . 2010-08-26 04:29 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-08-26 04:29 . 2010-08-26 04:29 24576 -c--a-w- c:\windows\system32\prefscpl.cpl
2010-08-10 13:15 . 2010-08-10 13:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 13:15 . 2010-08-10 13:15 69632 -c--a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HostManager"="c:\program files\Common Files\AOL\1282796920\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1282796920\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\My Backup -- 10-08-25 0837PM\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2010 1:31 PM 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2010 1:31 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2010 5:58 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

2010-10-22 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-09 05:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 20:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-10-30 20:14:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-31 03:14
ComboFix2.txt 2010-10-30 22:48

Pre-Run: 3,506,397,184 bytes free
Post-Run: 2,852,806,656 bytes free

- - End Of File - - 69DFC928BE4017D8490E5F8D98859AC8
 
Good :)

How is the computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi broni,
the computer is doing a little bit better, still very slow

OTL logfile created on: 10/30/2010 9:45:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.72 Gb Total Space | 1.21 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 14.91 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
Drive E: | 4.43 Gb Total Space | 2.31 Gb Free Space | 52.21% Space Free | Partition Type: FAT32

Computer Name: THECRAZY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/10/04 18:59:46 | 003,016,560 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010/09/08 17:58:19 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/25 21:11:14 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/03 14:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1282796920\EE\AOLHostManager.exe
PRC - [2004/11/03 14:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1282796920\EE\AOLServiceHost.exe
PRC - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/25 21:11:14 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/25 21:29:41 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/26 15:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 08:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/29 17:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 17:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/10 17:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 17:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/04 12:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 12:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 12:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 12:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 12:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 12:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 12:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 12:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 12:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 12:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 12:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 12:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 12:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 16:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 06:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/10/30 20:09:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1282796920\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/27 19:03:16 | 000,000,060 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 21:30:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/30 20:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/30 14:22:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/30 13:37:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/30 13:37:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/30 13:37:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/30 13:37:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/30 13:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/30 13:17:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 20:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/10/27 20:03:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/27 20:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/27 20:03:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/27 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/27 19:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/10/27 18:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/27 08:04:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/10/21 17:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/10/13 14:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
[2010/10/08 22:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/10/06 14:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/06 13:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/10/05 21:38:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/04 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/04 19:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/10/04 19:37:25 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/10/04 19:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/04 18:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 00:08:38 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 21:37:29 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/30 21:36:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 21:35:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/30 21:35:39 | 1575,473,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/30 20:09:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/30 15:34:39 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/10/30 14:22:47 | 000,000,316 | RHS- | M] () -- C:\boot.ini
[2010/10/30 09:54:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/10/27 20:03:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:42:14 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/27 18:42:14 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/27 18:33:30 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/21 21:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/10/06 14:19:03 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/06 14:19:00 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/05 21:51:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 18:31:03 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/04 19:31:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/30 21:35:37 | 1575,473,152 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/30 14:22:44 | 000,000,199 | ---- | C] () -- C:\Boot.bak
[2010/10/30 14:22:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/30 13:37:30 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/30 13:37:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/30 13:37:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/30 13:37:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/30 13:37:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/30 13:10:52 | 003,896,496 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/10/30 09:54:44 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/10/30 09:38:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/10/27 20:03:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/21 21:38:29 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/10/05 21:34:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/28 20:11:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/08/25 22:43:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 21:24:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/08/25 21:23:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/08/25 21:16:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2006/02/01 01:58:31 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/01 01:58:30 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/01 01:58:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/01 01:58:27 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/01 01:58:27 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/01 01:58:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/01 01:58:23 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 03:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/08/29 13:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/27 08:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/05 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/25 21:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/01/03 19:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/26 21:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2010/08/25 21:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/10/21 21:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/25 21:24:46 | 000,000,189 | ---- | M] () -- C:\audio.log
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/29 13:34:41 | 000,000,199 | ---- | M] () -- C:\Boot.bak
[2010/10/30 14:22:47 | 000,000,316 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/30 20:14:08 | 000,010,194 | ---- | M] () -- C:\ComboFix.txt
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/30 21:35:39 | 1575,473,152 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/25 21:30:40 | 000,001,078 | -H-- | M] () -- C:\IPH.PH
[2010/08/25 21:11:39 | 000,000,086 | ---- | M] () -- C:\lan.log
[2010/08/25 20:37:37 | 000,000,064 | ---- | M] () -- C:\MOVE_RECOVERY
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 12:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/08/25 21:25:24 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2004/12/31 22:23:54 | 001,111,862 | ---- | M] () -- C:\OTL.Txt
[2010/10/30 21:35:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/24 17:11:12 | 000,000,508 | ---- | M] () -- C:\rapport.txt
[2010/10/23 17:06:19 | 000,000,498 | ---- | M] () -- C:\RootRepeal report 10-23-10 (17-06-19).txt
[2010/08/25 21:05:02 | 000,000,002 | RHS- | M] () -- C:\USER

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/04 12:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 15:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/26 03:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 03:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 03:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/26 11:04:46 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/08/26 11:09:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/26 11:09:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/30 15:34:39 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/10/30 09:54:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/08/26 11:09:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2010/08/26 21:58:06 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/30 21:37:31 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 01:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 12:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 08:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 08:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 08:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 09:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 08:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 08:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 08:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 08:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 08:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 10/30/2010 9:45:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.72 Gb Total Space | 1.21 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 14.91 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
Drive E: | 4.43 Gb Total Space | 2.31 Gb Free Space | 52.21% Space Free | Partition Type: FAT32

Computer Name: THECRAZY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1282796920\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1282796920\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\My Backup -- 10-08-25 0837PM\Program Files\FrostWire\FrostWire.exe" = C:\My Backup -- 10-08-25 0837PM\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{267AB309-8021-4CAE-9698-D9A0BEEF7FBA}" = Paint.NET v3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL Spyware Protection" = AOL Spyware Protection
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer Basic
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2010 11:10:04 PM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module searchtoolbar.dll, version 1.1.0.6, fault address 0x00009e1e.

Error - 9/28/2010 11:10:51 PM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module searchtoolbar.dll, version 1.1.0.6, fault address 0x00009e1e.

Error - 9/29/2010 12:39:30 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module searchtoolbar.dll, version 1.1.0.6, fault address 0x00009dd2.

Error - 1/4/2005 1:06:46 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
Description = Faulting application quickcam.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/4/2005 1:06:52 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 1/4/2005 1:08:49 AM | Computer Name = THECRAZY | Source = Application Hang | ID = 1002
Description = Hanging application Quickcam.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/4/2005 1:30:17 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
Description = Faulting application quickcam.exe, version 11.80.1065.0, faulting
module quickcam.exe, version 11.80.1065.0, fault address 0x000426ca.

Error - 1/4/2005 1:44:21 AM | Computer Name = THECRAZY | Source = Application Hang | ID = 1002
Description = Hanging application Quickcam.exe, version 11.80.1065.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


< End of report >
 
One of the reasons your computer is slow is this:
Drive C: | 88.72 Gb Total Space | 1.21 Gb Free Space | 1.36% Space Free
You must start moving stuff out of drive C immediately, or it may not boot at all one day.

==========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

OTL log looks perfectly clean, so...

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Hi broni,
did you have time to look at my last post?
I am really desperate for help. Can you please tell me what my next step is?
I thank you for your time.
Pardon me for my English.

 
I posted instructions for you.
Didn't you read them?
Look at my previous reply.
 