TechSpot

XP copy of MBR

By elseco60
Oct 24, 2010
  1. Please help, my computer crashes every time in normal mode.
    In safe mode it sometimes works for about 5 min,
    then it gives me a blue screen.

  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  3. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Thank you for your reply.
    Here is the OTL log.
    Please guide me on the next steps.
     

    Attached Files:

    • OTL.Txt (84.2 KB)
  4. Broni

  5. elseco60

    Sorry, I am new here. Here it is:

    OTL logfile created on: 10/24/2010 6:38:20 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    478.00 Mb Total Physical Memory | 262.00 Mb Available Physical Memory | 55.00% Memory free
    382.00 Mb Paging File | 290.00 Mb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 88.72 Gb Total Space | 0.69 Gb Free Space | 0.77% Space Free | Partition Type: NTFS
    Drive D: | 74.53 Gb Total Space | 35.43 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
    Drive E: | 4.43 Gb Total Space | 2.31 Gb Free Space | 52.20% Space Free | Partition Type: FAT32
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/26 00:11:14 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2010/08/13 16:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/26 00:29:41 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/10/27 18:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
    DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/08/04 15:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/04 15:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
    DRV - [2004/08/04 15:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
    DRV - [2004/08/04 15:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
    DRV - [2004/08/04 15:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
    DRV - [2004/08/04 15:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/04 15:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/04 15:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/04 15:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
    DRV - [2004/08/04 15:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
    DRV - [2004/08/04 15:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/04 15:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
    DRV - [2004/08/04 15:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
    DRV - [2004/08/04 15:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
    DRV - [2004/08/04 15:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
    DRV - [2004/08/04 03:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/03 19:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp)
    DRV - [2004/08/03 19:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Bryan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE - HKU\Bryan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Jackie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE - HKU\Jackie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Maio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15486&l=dis
    IE - HKU\Maio_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\Maio_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Walter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\Walter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Walter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/10/24 20:14:08 | 000,001,468 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Bryan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Bryan_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Jackie_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Jackie_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Maio_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Maio_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Walter_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Walter_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1282796920\EE\AOLHostManager.exe (America Online, Inc.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
    O4 - HKU\Bryan_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Jackie_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Maio_ON_C..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Maio\LOCALS~1\Temp\Ppc.exe File not found
    O4 - HKU\Maio_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Owner_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Walter_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Bryan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Jackie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Maio_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Walter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/10/27 22:03:16 | 000,000,060 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/04/18 14:04:24 | 000,000,090 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/21 23:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\Paint.NET
    [2010/10/21 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\WMTools Downloaded Files
    [2010/10/21 20:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2010/10/18 23:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\NCH Swift Sound
    [2010/10/18 23:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Macromedia
    [2010/10/18 23:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Adobe
    [2010/10/18 23:34:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bryan\PrivacIE
    [2010/10/18 23:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\Google
    [2010/10/18 23:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Google
    [2010/10/18 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\AskToolbar
    [2010/10/18 23:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Apple Computer
    [2010/10/18 23:32:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bryan\IETldCache
    [2010/10/18 23:32:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Bryan\Application Data\Microsoft
    [2010/10/18 23:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bryan\SendTo
    [2010/10/18 23:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bryan\Recent
    [2010/10/18 23:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bryan\Application Data
    [2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\Start Menu
    [2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\My Documents\My Pictures
    [2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\My Documents\My Music
    [2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\My Documents
    [2010/10/18 23:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bryan\Favorites
    [2010/10/18 23:32:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bryan\Cookies
    [2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\Templates
    [2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\PrintHood
    [2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\NetHood
    [2010/10/18 23:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bryan\Local Settings
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\You've Got Pictures Screensaver
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\WINDOWS
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\SampleView
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\Microsoft
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Identities
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Desktop
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\AOL
    [2010/10/18 23:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
    [2010/10/16 20:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\Temp
    [2010/10/13 17:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\Syntrillium
    [2010/10/13 17:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
    [2010/10/09 01:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/10/09 01:39:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Maio\Desktop\ATF-Cleaner.exe
    [2010/10/06 17:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/06 16:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/10/06 00:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\AdobeUM
    [2010/10/06 00:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\Adobe
    [2010/10/06 00:38:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/10/06 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\Sun
    [2010/10/05 23:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Desktop\am
    [2010/10/05 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\My Documents\CADV 250
    [2010/10/05 00:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Local Settings\Application Data\Apple
    [2010/10/04 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Desktop\Music
    [2010/10/04 23:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\My Documents\FrostWire
    [2010/10/04 23:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Application Data\FrostWire
    [2010/10/04 22:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/10/04 22:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Local Settings\Application Data\Microsoft Help
    [2010/10/04 22:37:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/10/04 22:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/10/04 22:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Application Data\Template
    [2010/10/04 21:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
    [2010/10/04 21:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
    [2010/09/29 21:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\AskToolbar
    [2010/09/28 23:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Application Data\NCH Swift Sound
    [2010/09/28 23:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
    [2010/09/25 17:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maio\Local Settings\Application Data\Apple
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/10/24 20:08:44 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/24 20:08:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/10/24 19:58:54 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/10/24 19:57:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/24 19:57:24 | 501,731,328 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/24 16:53:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/24 16:48:26 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/24 16:48:26 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/23 20:16:55 | 000,003,848 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
    [2010/10/22 18:35:27 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Maio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/22 00:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2010/10/21 22:09:22 | 003,065,826 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Young Pride Pocket Full Of Dreams(produced by Ayy b-beats).mp3
    [2010/10/20 00:18:41 | 000,404,114 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\gyfhkjhl.wav
    [2010/10/20 00:14:28 | 000,538,924 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fx3.wav
    [2010/10/20 00:01:22 | 001,759,190 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.5- On My Job.mp3
    [2010/10/20 00:00:12 | 001,483,546 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.6 (We Love Everybody).mp3
    [2010/10/19 00:26:52 | 000,102,398 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\trhut.wav
    [2010/10/19 00:16:03 | 000,762,372 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\trhtyj.wav
    [2010/10/19 00:15:03 | 001,135,804 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Jingle Bells, Instrumental.mp3
    [2010/10/19 00:11:23 | 000,022,950 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\drhth.wav
    [2010/10/19 00:10:00 | 000,422,994 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\How to make a glow torch.mp3
    [2010/10/18 23:34:29 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Internet.lnk
    [2010/10/18 23:32:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/18 23:32:39 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Windows Media Player.lnk
    [2010/10/18 00:38:58 | 001,035,126 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fs.wav
    [2010/10/17 23:47:24 | 000,266,666 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\wooo.wav
    [2010/10/17 23:37:17 | 002,730,977 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\DEVO - Working In A Coalmine.mp3
    [2010/10/17 23:03:15 | 000,318,706 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fx2.wav
    [2010/10/17 02:56:27 | 000,304,142 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\op;'l.wav
    [2010/10/17 02:54:42 | 001,629,236 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\20101017-0253-[www.flvto.com].mp3
    [2010/10/17 02:40:42 | 004,659,023 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Example - Kickstarts Bar 9 Remix.mp3
    [2010/10/16 00:16:37 | 002,421,906 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\begin.wav
    [2010/10/16 00:13:26 | 001,212,600 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\huyiyhuo.wav
    [2010/10/16 00:13:10 | 001,211,976 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\tfijhgk.wav
    [2010/10/16 00:09:53 | 004,369,377 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Noisses - End Of.mp3
    [2010/10/16 00:08:22 | 005,819,277 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\The Streets - In The Middle (Nero Remix).mp3
    [2010/10/15 00:53:10 | 002,402,862 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\sun3.wav
    [2010/10/15 00:48:05 | 001,209,304 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\sun2.wav
    [2010/10/15 00:22:30 | 000,307,624 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\fx.wav
    [2010/10/15 00:20:37 | 001,208,978 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\sun.wav
    [2010/10/15 00:20:13 | 003,065,762 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Soulja Boy - Touchdown Instrumental (W Hook) && DL.mp3
    [2010/10/14 23:47:46 | 004,974,582 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Cassius - The Sound Of Violence (Tha Trickaz Remix).mp3
    [2010/10/12 19:42:45 | 000,717,712 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\929296.wav
    [2010/10/12 19:33:14 | 000,714,700 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\515151.wav
    [2010/10/12 19:30:18 | 003,204,525 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\Krypton and nGage - Forget Me Now.mp3
    [2010/10/12 00:25:15 | 002,289,892 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why4.wav
    [2010/10/11 00:07:18 | 001,320,000 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why3.wav
    [2010/10/10 23:21:28 | 001,936,052 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why2.wav
    [2010/10/10 23:06:55 | 000,970,482 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\why1.wav
    [2010/10/09 02:53:44 | 001,464,412 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\oy8uoj.wav
    [2010/10/09 02:26:34 | 001,455,566 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\ahhhh.wav
    [2010/10/09 01:39:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Maio\Desktop\ATF-Cleaner.exe
    [2010/10/07 18:54:12 | 000,198,299 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\328.flp
    [2010/10/06 23:05:20 | 002,914,600 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\gyi7y97.wav
    [2010/10/06 22:57:47 | 002,197,548 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\i8yt88t6.wav
    [2010/10/06 17:19:00 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/06 00:51:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/05 21:31:03 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/04 22:31:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/10/04 22:18:19 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\Microsoft Works.LNK
    [2010/10/04 22:17:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jackie\Application Data\wklnhst.dat
    [2010/09/30 20:09:20 | 000,582,226 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\75566.wav
    [2010/09/30 19:56:40 | 000,631,388 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\dgfb dgfbn.wav
    [2010/09/30 19:49:57 | 000,156,066 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\dxrfthuo[.wav
    [2010/09/30 19:49:11 | 000,156,730 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\rhygi.wav
    [2010/09/30 19:05:08 | 000,315,476 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\ergte.wav
    [2010/09/28 23:31:16 | 002,360,988 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\1.wav
    [2010/09/28 23:23:38 | 003,661,772 | ---- | M] () -- C:\Documents and Settings\Maio\Desktop\drtyuhjtfuff9i6.mp3
    [2010/09/28 23:12:08 | 000,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/24 16:21:41 | 501,731,328 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/22 00:38:29 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2010/10/21 22:09:22 | 003,065,826 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Young Pride Pocket Full Of Dreams(produced by Ayy b-beats).mp3
    [2010/10/20 00:18:41 | 000,404,114 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\gyfhkjhl.wav
    [2010/10/20 00:14:27 | 000,538,924 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fx3.wav
    [2010/10/20 00:01:22 | 001,759,190 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.5- On My Job.mp3
    [2010/10/20 00:00:12 | 001,483,546 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\DayToday ep.6 (We Love Everybody).mp3
    [2010/10/19 00:16:03 | 000,762,372 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\trhtyj.wav
    [2010/10/19 00:14:49 | 001,135,804 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Jingle Bells, Instrumental.mp3
    [2010/10/19 00:11:26 | 000,102,398 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\trhut.wav
    [2010/10/19 00:11:19 | 000,022,950 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\drhth.wav
    [2010/10/19 00:09:55 | 000,422,994 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\How to make a glow torch.mp3
    [2010/10/18 23:34:29 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Internet.lnk
    [2010/10/18 23:32:39 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Windows Media Player.lnk
    [2010/10/18 23:32:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/18 23:32:28 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/10/18 23:32:28 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
    [2010/10/18 23:32:27 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/10/18 00:38:57 | 001,035,126 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fs.wav
    [2010/10/17 23:41:42 | 000,266,666 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\wooo.wav
    [2010/10/17 23:37:16 | 002,730,977 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\DEVO - Working In A Coalmine.mp3
    [2010/10/17 23:03:14 | 000,318,706 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fx2.wav
    [2010/10/17 02:56:27 | 000,304,142 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\op;'l.wav
    [2010/10/17 02:54:42 | 001,629,236 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\20101017-0253-[www.flvto.com].mp3
    [2010/10/17 02:40:42 | 004,659,023 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Example - Kickstarts Bar 9 Remix.mp3
    [2010/10/16 00:16:36 | 002,421,906 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\begin.wav
    [2010/10/16 00:13:26 | 001,212,600 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\huyiyhuo.wav
    [2010/10/16 00:13:10 | 001,211,976 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\tfijhgk.wav
    [2010/10/16 00:09:49 | 004,369,377 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Noisses - End Of.mp3
    [2010/10/16 00:08:22 | 005,819,277 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\The Streets - In The Middle (Nero Remix).mp3
    [2010/10/15 00:53:10 | 002,402,862 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\sun3.wav
    [2010/10/15 00:48:04 | 001,209,304 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\sun2.wav
    [2010/10/15 00:22:29 | 000,307,624 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\fx.wav
    [2010/10/15 00:20:36 | 001,208,978 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\sun.wav
    [2010/10/15 00:20:13 | 003,065,762 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Soulja Boy - Touchdown Instrumental (W Hook) && DL.mp3
    [2010/10/14 23:47:46 | 004,974,582 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Cassius - The Sound Of Violence (Tha Trickaz Remix).mp3
    [2010/10/12 19:40:13 | 000,717,712 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\929296.wav
    [2010/10/12 19:33:13 | 000,714,700 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\515151.wav
    [2010/10/12 19:30:18 | 003,204,525 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\Krypton and nGage - Forget Me Now.mp3
    [2010/10/11 00:11:09 | 002,289,892 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why4.wav
    [2010/10/11 00:07:17 | 001,320,000 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why3.wav
    [2010/10/10 23:21:27 | 001,936,052 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why2.wav
    [2010/10/10 23:06:54 | 000,970,482 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\why1.wav
    [2010/10/09 02:51:49 | 001,464,412 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\oy8uoj.wav
    [2010/10/09 02:26:34 | 001,455,566 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\ahhhh.wav
    [2010/10/06 23:05:19 | 002,914,600 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\gyi7y97.wav
    [2010/10/06 22:57:46 | 002,197,548 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\i8yt88t6.wav
    [2010/10/06 00:34:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/04 22:18:18 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\Microsoft Works.LNK
    [2010/10/04 22:17:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jackie\Application Data\wklnhst.dat
    [2010/09/30 20:07:42 | 000,582,226 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\75566.wav
    [2010/09/30 19:49:57 | 000,156,066 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\dxrfthuo[.wav
    [2010/09/30 19:49:10 | 000,156,730 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\rhygi.wav
    [2010/09/30 19:10:46 | 000,631,388 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\dgfb dgfbn.wav
    [2010/09/30 19:05:08 | 000,315,476 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\ergte.wav
    [2010/09/28 23:31:16 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Maio\Application Data\WavCodec.wff
    [2010/09/28 23:31:15 | 002,360,988 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\1.wav
    [2010/09/28 23:23:38 | 003,661,772 | ---- | C] () -- C:\Documents and Settings\Maio\Desktop\drtyuhjtfuff9i6.mp3
    [2010/09/28 23:11:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2010/09/19 23:45:44 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Maio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/26 01:43:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/26 00:24:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2010/08/26 00:23:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/08/26 00:16:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/01 04:58:31 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/02/01 04:58:30 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/02/01 04:58:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/02/01 04:58:27 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/02/01 04:58:27 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/02/01 04:58:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/02/01 04:58:23 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2005/01/03 21:24:22 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Walter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/26 12:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/26 12:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========

    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/10/18 23:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\NCH Swift Sound
    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\SampleView
    [2010/10/05 00:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackie\Application Data\FrostWire
    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackie\Application Data\SampleView
    [2010/10/04 22:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackie\Application Data\Template
    [2010/10/09 01:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maio\Application Data\NCH Swift Sound
    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maio\Application Data\SampleView
    [2010/08/27 00:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2010/08/26 00:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\SampleView
    [2010/08/26 01:34:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
    [2010/09/10 01:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
    [2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2010/10/22 00:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

    ========== Purity Check ==========


    < End of report >
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    One of your serious problems is this:
    I'm surprised your computer boots at all.

    ========================================================================

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    IE - HKU\Maio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15486&l=dis
    IE - HKU\Maio_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Bryan_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Jackie_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Maio_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Walter_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
    O4 - HKU\Maio_ON_C..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Maio\LOCALS~1\Temp\Ppc.exe File not found
    [2010/10/18 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\AskToolbar
    [2010/10/04 21:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
    [2010/09/29 21:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\AskToolbar
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2010/08/26 01:34:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
    [2010/09/10 01:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
    [2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Ask.com
    
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.


    Let me know if the computer is any more stable.
    If so, start moving stuff out (to USB stick, external drive, CDs....)
    Start with tons of music files on your desktop.
    Uninstall unused programs.
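The fix script above is built by copying the suspicious OTL lines verbatim under `:OTL`, listing folders under `:Files`, and closing with `[purity]` and `[emptytemp]`. As an added example (not code from this thread, from OTL or from TechSpot), the Python script below parses the three OTL line formats visible in the log (file/directory entries, O2/O3 BHO and toolbar entries, O4 Run entries) and applies triage rules equivalent to the choices made in the fix script: orphaned autoruns and BHOs, autoruns launched from a Temp folder, and entries belonging to a vendor the analyst has decided to remove. It then lays out a fix script in the same section order. The rule names, the `unwanted_vendors` default and the helper names are this example's own assumptions; the sample lines are copied from the log posted in this thread.

```python
"""Triage helper for OTL scan logs (added example, not from this thread or from OTL)."""
import re
from collections import Counter
from dataclasses import dataclass

# File entry:  [2010/10/09 01:39:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\...\ATF-Cleaner.exe
# Directory entries omit the "(company)" part:  [... | ---D | C] -- C:\...\AskToolbar
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<event>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Autorun entry:  O4 - HKU\Maio_ON_C..\Run: [KOO9RV9K4Z] C:\DOCUME~1\...\Temp\Ppc.exe File not found
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# BHO / toolbar entry:  O2 - BHO: (no name) - {CLSID} - No CLSID value found.
BHO_RE = re.compile(
    r"^O[23] - (?P<where>[^:]+): \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)


@dataclass(frozen=True)
class Finding:
    rule: str   # which triage rule fired (rule names are this example's own)
    line: str   # the OTL log line, unchanged, so it can be pasted into a fix script


def vendor_in(text, vendors):
    """True if a vendor name starts a word in text; 'Ask' must not match the 'ask' inside 'Tasks'."""
    return any(re.search(r"(?<![A-Za-z])" + re.escape(v), text, re.I) for v in vendors)


def triage(lines, unwanted_vendors=("Ask",)):
    """Apply the triage rules to OTL log lines and return the findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("IE - ") and vendor_in(line, unwanted_vendors):
            findings.append(Finding("unwanted-vendor", line))   # start page / search hook
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group("target")
            if target.endswith("File not found"):              # autorun whose target is gone
                findings.append(Finding("orphaned-autorun", line))
            if re.search(r"\\temp\\", target, re.I):          # autorun launched from a Temp folder
                findings.append(Finding("autorun-from-temp", line))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("target").startswith("No CLSID value found"):
                findings.append(Finding("orphaned-bho-or-toolbar", line))
            elif vendor_in(m.group("name") + " " + m.group("target"), unwanted_vendors):
                findings.append(Finding("unwanted-vendor", line))
            continue
        m = FILE_RE.match(line)
        if m and vendor_in((m.group("company") or "") + " " + m.group("path"), unwanted_vendors):
            findings.append(Finding("unwanted-vendor", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'orphaned-autorun': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


def render_fix_script(findings, files_to_remove=(), empty_temp=True):
    """Lay out an OTL fix script in the section order used in the thread
    (:OTL, :Services, :Reg, :Files, :Commands); flagged lines go into :OTL verbatim."""
    otl_lines = list(dict.fromkeys(f.line for f in findings))   # dedupe, keep log order
    commands = ["[purity]"] + (["[emptytemp]"] if empty_temp else [])
    sections = [(":OTL", otl_lines), (":Services", []), (":Reg", []),
                (":Files", list(files_to_remove)), (":Commands", commands)]
    out = []
    for header, body in sections:
        out.append(header)
        out.extend(body)
        out.append("")
    return "\n".join(out).rstrip() + "\n"


# Sample input: lines copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r"""
IE - HKU\Maio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15486&l=dis
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\Maio_ON_C..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Maio\LOCALS~1\Temp\Ppc.exe File not found
[2010/10/09 01:39:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Maio\Desktop\ATF-Cleaner.exe
[2010/10/18 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Local Settings\Application Data\AskToolbar
[2010/08/26 01:34:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2010/10/24 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.rule:24s} {f.line}")
    print(summarize(found))
    print(render_fix_script(found, files_to_remove=[r"C:\Program Files\Ask.com"]))
```

On the sample lines the Temp-folder autorun is reported twice (once as orphaned, once for its location), the ISP signup reminder task is left alone because `Tasks` does not count as a vendor hit, and the ATF-Cleaner entry with a real company name is not flagged. The rendered script mirrors the one in the post: flagged lines under `:OTL`, the Ask.com folder under `:Files`, and `[purity]`/`[emptytemp]` under `:Commands`.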
     
  7. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Hello

    Thanks for your help

    Yes, my computer seems to be more stable after the scan.

    It's still slow, especially when I go to Internet Explorer.

    I have a question regarding moving my son's music, which is on the desktop.

    If I move it to the "D" drive on the same computer, will that improve the performance?

    Also, at shutdown it gives a BSOD with this message:

    "a device driver attempting to corrupt the system has been caught.
    The faulty driver currently on the kernel stack must be replaced with a working version………"

    Stop 0x000000C4, etc., etc.

    The OTL log is too big to post here. It's a total of 556,514 characters. The post only allows 50,000 characters. Is it normal for the log to be so large? Or am I doing something wrong?

    Thanks.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    That's all we need for now.
    It'll allow us to run some more tools.

    Moving stuff to drive D will be perfectly fine.

    Let me know when you have achieved more space.
    I don't want to ask you to download more tools when your hard drive is screaming for free space.

    We'll go from there.
     
  9. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Hello,
    I freed some space from the C drive.
    The computer is very slow and still gives the BSOD.
    Please advise.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Well, we just barely started....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Here is the Malwarebytes log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4971

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    10/27/2010 8:37:18 PM
    mbam-log-2010-10-27 (20-37-18).txt

    Scan type: Quick scan
    Objects scanned: 184415
    Time elapsed: 21 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Go on...........
     
  13. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Hi,
    I am having problems trying to run GMER in normal mode; it gives a BSOD.
    I have to reboot every time,
    so I decided to run it in safe mode. I do not know if that is OK,
    but I got another problem: I cannot see the Copy or the Save button at the bottom of the screen, so when the scan finished I can copy to the desktop.
    It looks like the resolution is too big.
    I tried to change it from 640x80 to 1024x768 but it does not change.
    Any suggestions will be appreciated.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Is it OK to run ComboFix in safe mode?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes, IF it won't run in normal mode.
     
  17. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Sorry for the delay. I was able to run ComboFix in safe mode; here is the log.
    ComboFix 10-10-30.01 - Owner 10/30/2010 15:39:09.1.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.1225 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    D:\check_LSA7.txt
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-28 03:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 03:03 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-28 02:35 . 2010-05-26 17:39 6144 ------w- c:\windows\system32\1C.tmp
    2010-10-28 02:32 . 2010-05-26 17:39 6144 ------w- c:\windows\system32\1B.tmp
    2010-10-28 02:31 . 2010-05-26 17:39 6144 ------w- c:\windows\system32\1A.tmp
    2010-10-28 02:31 . 2010-10-28 02:31 -------- d-----w- c:\program files\Sophos
    2010-10-28 01:47 . 2010-10-28 02:40 -------- d-----w- c:\windows\BDOSCAN8
    2010-10-22 00:38 . 2010-10-22 00:39 -------- d-----w- c:\program files\Paint.NET
    2010-10-19 03:32 . 2010-10-19 03:34 -------- d-----w- c:\documents and settings\Bryan
    2010-10-17 00:03 . 2010-10-17 00:03 -------- d-----w- c:\documents and settings\Walter\Local Settings\Application Data\Temp
    2010-10-13 21:11 . 2010-01-03 05:34 -------- d-----w- c:\program files\coolpro2
    2010-10-09 05:45 . 2010-10-09 05:45 -------- d-----w- c:\program files\NCH Swift Sound
    2010-10-06 20:55 . 2010-10-06 20:55 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-06 04:38 . 2010-10-06 04:38 -------- d-----w- c:\windows\Sun
    2010-10-05 04:03 . 2010-10-05 04:03 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Apple
    2010-10-05 03:47 . 2010-10-05 04:57 -------- d-----w- c:\documents and settings\Jackie\Application Data\FrostWire
    2010-10-05 02:39 . 2010-10-05 02:39 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Microsoft Help
    2010-10-05 02:39 . 2010-10-08 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-10-05 02:37 . 2010-10-05 02:37 -------- d-----r- C:\MSOCache
    2010-10-05 02:28 . 2010-10-05 02:28 -------- d-----w- c:\program files\Microsoft.NET
    2010-10-05 02:17 . 2010-10-05 02:17 -------- d-----w- c:\documents and settings\Jackie\Application Data\Template

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-23 23:59 . 2005-01-01 07:13 90112 ----a-w- c:\windows\DUMP3f6a.tmp
    2010-09-07 15:12 . 2010-08-29 20:30 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-08-29 20:30 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-08-29 20:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-08-29 20:31 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-08-29 20:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-08-29 20:31 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-08-29 20:31 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-08-29 20:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-08-29 20:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-27 02:32 . 2010-08-27 02:32 1726 ----a-w- c:\windows\ndinst.exe
    2010-08-27 02:32 . 2010-08-27 02:32 14750 ----a-w- c:\windows\system32\mdc8021x.vxd
    2010-08-26 04:29 . 2010-08-26 04:29 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
    2010-08-26 04:29 . 2010-08-26 04:29 24576 -c--a-w- c:\windows\system32\prefscpl.cpl
    2010-08-10 13:15 . 2010-08-10 13:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 13:15 . 2010-08-10 13:15 69632 -c--a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-09 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "HostManager"="c:\program files\Common Files\AOL\1282796920\EE\AOLHostManager.exe" [2004-11-03 125528]
    "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1282796920\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\My Backup -- 10-08-25 0837PM\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2010 1:31 PM 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2010 1:31 PM 17744]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2010 5:58 PM 136176]
    S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1C.tmp [10/27/2010 7:35 PM 6144]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

    2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

    2010-08-26 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2008-07-20 19:00]

    2010-09-10 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2008-07-20 19:00]

    2010-10-22 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-09 05:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 15:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\1C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-10-30 15:48:21
    ComboFix-quarantined-files.txt 2010-10-30 22:48

    Pre-Run: 3,538,640,896 bytes free
    Post-Run: 3,498,303,488 bytes free

    - - End Of File - - 1C00B464BE4E05EC6B82484CB796A26D
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\1A.tmp
    c:\windows\system32\1B.tmp
    c:\windows\system32\1C.tmp
    c:\windows\DUMP3f6a.tmp
    c:\windows\Tasks\ISP signup reminder 1.job
    c:\windows\Tasks\ISP signup reminder 3.job
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
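As an added example, not code from this thread or from the ComboFix/OTL authors, the script below shows the kind of automated triage that picks out the entries the CFScript above targets: it parses ComboFix-style service lines (`S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1C.tmp [...]`) and the job/target pairs of the "Scheduled Tasks" section, then flags any service or task whose binary is a .tmp file or carries an extension a service or task binary should not have. The sample log embedded in the block is constructed from a few lines of the posted log, and all function and class names are my own.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample modelled on the ComboFix "Drivers/Services" lines and the
# "Scheduled Tasks" section quoted in this thread; not a copy of the full log.
SAMPLE_LOG = r"""
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2010 1:31 PM 165584]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2010 5:58 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1C.tmp [10/27/2010 7:35 PM 6144]
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

2010-10-22 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-09 05:45]
"""

# "S<start type> name;display name;image path [date time size]"
SERVICE_RE = re.compile(r"^(S[0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.+)\s+(\d+)\]\s*$")
# "YYYY-MM-DD <job file>" followed on the next line by "- <target> [date time]"
TASK_JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(.+)\]\s*$")

# Extensions a service image (kernel driver or user-mode service) is expected to have.
EXPECTED_SERVICE_EXT = {".sys", ".exe", ".dll"}
EXPECTED_TASK_EXT = {".exe"}


@dataclass
class Service:
    start: str      # S0..S4 start type as ComboFix prints it
    name: str
    display: str
    image: str
    size: int


@dataclass
class Task:
    job: str
    target: str


@dataclass
class Finding:
    kind: str       # "service" or "task"
    name: str
    path: str
    reason: str


def parse_services(text: str) -> List[Service]:
    """Extract every service line from a ComboFix-style log."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, image, _stamp, size = m.groups()
            out.append(Service(start, name, display, image, int(size)))
    return out


def parse_tasks(text: str) -> List[Task]:
    """Pair each '<date> <job>' line with the '- <target>' line that follows it."""
    out = []
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        m = TASK_JOB_RE.match(line)
        if not m:
            continue
        t = TASK_TARGET_RE.match(lines[i + 1])
        if t:
            out.append(Task(m.group(2), t.group(1)))
    return out


def _suspicious_path(path: str, expected_ext: Set[str]) -> str:
    """Return a reason if the binary path looks wrong for its role, else ''."""
    ext = ntpath.splitext(path)[1].lower()   # ntpath handles Windows separators on any OS
    if ext == ".tmp":
        return "binary is a .tmp file (temporary files are not normal service or task binaries)"
    if ext not in expected_ext:
        return f"unexpected extension {ext or '(none)'} for this kind of entry"
    return ""


def triage(text: str) -> List[Finding]:
    """Flag services and scheduled tasks whose binary path is out of place."""
    findings = []
    for svc in parse_services(text):
        why = _suspicious_path(svc.image, EXPECTED_SERVICE_EXT)
        if why:
            findings.append(Finding("service", svc.name, svc.image, why))
    for task in parse_tasks(text):
        why = _suspicious_path(task.target, EXPECTED_TASK_EXT)
        if why:
            findings.append(Finding("task", task.job, task.target, why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path} -- {f.reason}")
```

Run against the sample, the only hit is the MEMSWEEP2 service backed by c:\windows\system32\1C.tmp. Treat a hit as a lead to confirm rather than a verdict: some legitimate on-demand scanners also load their engine as a temporary driver dropped into system32, so check what was installed on the machine around the file's timestamp before deciding an entry is hostile.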
     
  19. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Hi again, here it is:
    ComboFix 10-10-30.01 - Owner 10/30/2010 19:48:51.2.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.1226 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\DUMP3f6a.tmp"
    "c:\windows\system32\1A.tmp"
    "c:\windows\system32\1B.tmp"
    "c:\windows\system32\1C.tmp"
    "c:\windows\Tasks\ISP signup reminder 1.job"
    "c:\windows\Tasks\ISP signup reminder 3.job"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\DUMP3f6a.tmp
    c:\windows\system32\1A.tmp
    c:\windows\system32\1B.tmp
    c:\windows\system32\1C.tmp
    c:\windows\Tasks\ISP signup reminder 1.job
    c:\windows\Tasks\ISP signup reminder 3.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MEMSWEEP2
    -------\Service_MEMSWEEP2


    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
    .

    2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-28 03:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 03:03 . 2010-10-28 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 03:03 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-28 02:31 . 2010-10-28 02:31 -------- d-----w- c:\program files\Sophos
    2010-10-28 01:47 . 2010-10-28 02:40 -------- d-----w- c:\windows\BDOSCAN8
    2010-10-22 00:38 . 2010-10-22 00:39 -------- d-----w- c:\program files\Paint.NET
    2010-10-19 03:32 . 2010-10-19 03:34 -------- d-----w- c:\documents and settings\Bryan
    2010-10-17 00:03 . 2010-10-17 00:03 -------- d-----w- c:\documents and settings\Walter\Local Settings\Application Data\Temp
    2010-10-13 21:11 . 2010-01-03 05:34 -------- d-----w- c:\program files\coolpro2
    2010-10-09 05:45 . 2010-10-09 05:45 -------- d-----w- c:\program files\NCH Swift Sound
    2010-10-06 20:55 . 2010-10-06 20:55 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-06 04:38 . 2010-10-06 04:38 -------- d-----w- c:\windows\Sun
    2010-10-05 04:03 . 2010-10-05 04:03 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Apple
    2010-10-05 03:47 . 2010-10-05 04:57 -------- d-----w- c:\documents and settings\Jackie\Application Data\FrostWire
    2010-10-05 02:39 . 2010-10-05 02:39 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Microsoft Help
    2010-10-05 02:39 . 2010-10-08 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-10-05 02:37 . 2010-10-05 02:37 -------- d-----r- C:\MSOCache
    2010-10-05 02:28 . 2010-10-05 02:28 -------- d-----w- c:\program files\Microsoft.NET
    2010-10-05 02:17 . 2010-10-05 02:17 -------- d-----w- c:\documents and settings\Jackie\Application Data\Template

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-07 15:12 . 2010-08-29 20:30 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-08-29 20:30 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-08-29 20:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-08-29 20:31 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-08-29 20:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-08-29 20:31 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-08-29 20:31 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-08-29 20:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-08-29 20:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-27 02:32 . 2010-08-27 02:32 1726 ----a-w- c:\windows\ndinst.exe
    2010-08-27 02:32 . 2010-08-27 02:32 14750 ----a-w- c:\windows\system32\mdc8021x.vxd
    2010-08-26 04:29 . 2010-08-26 04:29 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
    2010-08-26 04:29 . 2010-08-26 04:29 24576 -c--a-w- c:\windows\system32\prefscpl.cpl
    2010-08-10 13:15 . 2010-08-10 13:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 13:15 . 2010-08-10 13:15 69632 -c--a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-09 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "HostManager"="c:\program files\Common Files\AOL\1282796920\EE\AOLHostManager.exe" [2004-11-03 125528]
    "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1282796920\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\My Backup -- 10-08-25 0837PM\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2010 1:31 PM 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2010 1:31 PM 17744]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2010 5:58 PM 136176]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

    2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-09 00:57]

    2010-10-22 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-09 05:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3120
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 20:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1708)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-10-30 20:14:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-31 03:14
    ComboFix2.txt 2010-10-30 22:48

    Pre-Run: 3,506,397,184 bytes free
    Post-Run: 2,852,806,656 bytes free

    - - End Of File - - 69DFC928BE4017D8490E5F8D98859AC8
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    Hi Broni,
    the computer is doing a little bit better, but it is still very slow.

    OTL logfile created on: 10/30/2010 9:45:02 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 88.72 Gb Total Space | 1.21 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
    Drive D: | 74.53 Gb Total Space | 14.91 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
    Drive E: | 4.43 Gb Total Space | 2.31 Gb Free Space | 52.21% Space Free | Partition Type: FAT32

    Computer Name: THECRAZY | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/10/04 18:59:46 | 003,016,560 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
    PRC - [2010/09/08 17:58:19 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/25 21:11:14 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/11/03 14:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1282796920\EE\AOLHostManager.exe
    PRC - [2004/11/03 14:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1282796920\EE\AOLServiceHost.exe
    PRC - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
    PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/25 21:11:14 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/25 21:29:41 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
    DRV - [2005/09/26 15:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/09/18 08:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/07/29 17:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/29 17:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/11/10 17:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/11/10 17:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/08/04 12:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/04 12:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2004/08/04 12:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2004/08/04 12:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2004/08/04 12:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/04 12:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/04 12:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/04 12:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2004/08/04 12:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2004/08/04 12:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/04 12:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2004/08/04 12:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2004/08/04 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2004/08/04 12:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/03 16:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 16:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 06:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/10/30 20:09:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1282796920\EE\AOLHostManager.exe (America Online, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/10/27 19:03:16 | 000,000,060 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/30 21:30:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/30 20:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/30 14:22:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/30 13:37:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/30 13:37:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/30 13:37:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/30 13:37:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/30 13:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/30 13:17:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/27 20:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/10/27 20:03:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/27 20:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/27 20:03:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/27 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/27 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/10/27 19:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
    [2010/10/27 18:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/10/27 08:04:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/10/21 17:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2010/10/13 14:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
    [2010/10/08 22:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/10/06 14:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/06 13:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/10/05 21:38:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/10/04 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/10/04 19:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/10/04 19:37:25 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/10/04 19:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/10/04 18:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/10/31 00:08:38 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/30 21:37:29 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/10/30 21:36:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/30 21:35:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/30 21:35:39 | 1575,473,152 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/30 20:09:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 15:34:39 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/30 14:22:47 | 000,000,316 | RHS- | M] () -- C:\boot.ini
    [2010/10/30 09:54:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/10/27 20:03:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/27 18:42:14 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/27 18:42:14 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/27 18:33:30 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/21 21:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
    [2010/10/06 14:19:03 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/06 14:19:00 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/05 21:51:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/05 18:31:03 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/04 19:31:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/30 21:35:37 | 1575,473,152 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/30 14:22:44 | 000,000,199 | ---- | C] () -- C:\Boot.bak
    [2010/10/30 14:22:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/30 13:37:30 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 13:37:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/30 13:37:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/30 13:37:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/30 13:37:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/30 13:10:52 | 003,896,496 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/30 09:54:44 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/10/30 09:38:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
    [2010/10/27 20:03:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/21 21:38:29 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2010/10/05 21:34:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/28 20:11:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2010/08/25 22:43:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 21:24:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2010/08/25 21:23:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/08/25 21:16:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2006/02/01 01:58:31 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/02/01 01:58:30 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/02/01 01:58:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/02/01 01:58:27 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/02/01 01:58:27 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/02/01 01:58:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/02/01 01:58:23 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/26 09:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/26 09:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 03:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========

    [2010/08/29 13:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/27 08:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/10/05 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/08/25 21:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2005/01/03 19:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/26 21:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2010/08/25 21:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2010/10/21 21:38:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/25 21:24:46 | 000,000,189 | ---- | M] () -- C:\audio.log
    [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/29 13:34:41 | 000,000,199 | ---- | M] () -- C:\Boot.bak
    [2010/10/30 14:22:47 | 000,000,316 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/30 20:14:08 | 000,010,194 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/10/30 21:35:39 | 1575,473,152 | -HS- | M] () -- C:\hiberfil.sys
    [2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/25 21:30:40 | 000,001,078 | -H-- | M] () -- C:\IPH.PH
    [2010/08/25 21:11:39 | 000,000,086 | ---- | M] () -- C:\lan.log
    [2010/08/25 20:37:37 | 000,000,064 | ---- | M] () -- C:\MOVE_RECOVERY
    [2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 12:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/08/25 21:25:24 | 000,000,086 | ---- | M] () -- C:\nvida.log
    [2004/12/31 22:23:54 | 001,111,862 | ---- | M] () -- C:\OTL.Txt
    [2010/10/30 21:35:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/24 17:11:12 | 000,000,508 | ---- | M] () -- C:\rapport.txt
    [2010/10/23 17:06:19 | 000,000,498 | ---- | M] () -- C:\RootRepeal report 10-23-10 (17-06-19).txt
    [2010/08/25 21:05:02 | 000,000,002 | RHS- | M] () -- C:\USER

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/04 12:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/03/22 15:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/26 03:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/26 03:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/26 03:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2004/08/26 11:04:46 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/08/26 11:09:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/26 11:09:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/30 15:34:39 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
    [2010/10/30 09:54:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/10/30 21:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/08/26 11:09:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
    [2010/08/26 21:58:06 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/30 21:37:31 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 01:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 12:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 08:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 08:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 08:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 09:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 08:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 08:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 08:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 08:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 08:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
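The log above is the raw material a helper on this thread works through by eye. As an added example (this editor's code, not OTL's and not anything posted in the thread), here is a small Python triage pass over OTL-format lines. The entry regex follows the line formats visible in the log; the triage rules are heuristics this editor assumes a first reviewer would apply (no company name on an autostart, a non-localhost hosts entry, an exefile/comfile open command that is not exactly `"%1" %*`, hidden+system autorun files on a FAT32 volume, company-less binaries under C:\WINDOWS), not malware verdicts. The sample input copies lines from the log above and adds two constructed lines, marked as such, so the hosts and file-association rules have something to catch.

```python
"""Triage pass over OTL-format log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL file/dir entry as printed in the log above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (company) -- path [-- [ FS ]]
# "(company)" is absent for directories and is "()" when the PE carries no
# CompanyName; O32 lines use a single "-" before the path and append the FS.
ENTRY_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? --? (?P<path>.+?)"
    r"(?: -- \[ (?P<fs>\w+) \])?\s*$"
)

@dataclass
class Entry:
    date: str
    size: int
    attrs: str              # R/H/S/D flags in OTL's fixed order, '-' when unset
    kind: str               # M = modified timestamp shown, C = created
    company: Optional[str]  # None: no "(...)" printed; "": printed as "()"
    path: str
    fs: Optional[str]

def parse_entry(line: str) -> Optional[Entry]:
    """Return the Entry embedded in an OTL line, or None for non-file lines."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    return Entry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"], m["path"].strip(), m["fs"])

# Heuristics (assumptions about what deserves a second look, not verdicts).
def triage(lines: List[str]) -> List[Tuple[str, str]]:
    findings = []
    for raw in lines:
        line = raw.strip()
        if "File not found" in line:
            findings.append(("missing_target", line))
        if line.startswith("O1 - Hosts:"):
            body = line.partition(":")[2].split()
            if len(body) >= 2 and not (body[1].lower() == "localhost"
                                       and body[0] in ("127.0.0.1", "::1")):
                findings.append(("hosts_override", line))
        if line.startswith("O4 -") and line.endswith("()"):
            findings.append(("autostart_no_company", line))
        if line.startswith(("O35 -", "O37 -")):
            # exefile/comfile open commands must be exactly "%1" %*; anything
            # placed in front of that runs before every executable launched.
            if line.rsplit(" -- ", 1)[-1] != '"%1" %*':
                findings.append(("exe_association_changed", line))
        e = parse_entry(line)
        if e is None:
            continue
        if (line.startswith("O32 - AutoRun File") and e.fs == "FAT32"
                and "H" in e.attrs and "S" in e.attrs):
            findings.append(("hidden_autorun_removable", e.path))
        if (e.company == "" and "D" not in e.attrs
                and e.path.upper().startswith("C:\\WINDOWS\\")
                and e.path.lower().endswith((".exe", ".dll", ".sys"))):
            findings.append(("no_company_in_windows", e.path))
    return findings

# Sample input: lines copied from the log above, plus two constructed lines
# (marked) so the hosts and file-association rules have something to catch.
SAMPLE_LINES = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()",
    r"O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)",
    r"O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]",
    r"O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]",
    r"O34 - HKLM BootExecute: (autocheck autochk *) - File not found",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r"[2010/10/30 13:37:30 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe",
    r"[2010/10/30 20:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp",
    r"[2010/10/30 21:30:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe",
    r"O1 - Hosts: 10.0.0.5 www.example.com",                             # constructed
    r'O35 - HKLM\..exefile [open] -- "C:\evil\launcher.exe" "%1" %*',  # constructed
]

def demo() -> List[Tuple[str, str]]:
    return triage(SAMPLE_LINES)

if __name__ == "__main__":
    for rule, detail in demo():
        print(f"{rule:26} {detail}")
```

Two caveats a reviewer would keep in mind when reading the hits. "File not found" on `BootExecute` in an OTLPE scan is usually the offline scanner resolving paths from its own X: boot environment rather than a missing system file, so it is a signal to verify, not a finding. And the company-less binaries under C:\WINDOWS that this rule flags in the log above (MBR.exe, PEV.exe, grep.exe, sed.exe, zip.exe) were created in the same minute as the SteelWerX and NirSoft helpers, next to C:\Qoobox and ComboFix.txt; a reviewer would correlate them with the ComboFix run visible in the same log before reading anything into them.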
     
  22. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    OTL Extras logfile created on: 10/30/2010 9:45:02 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 88.72 Gb Total Space | 1.21 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
    Drive D: | 74.53 Gb Total Space | 14.91 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
    Drive E: | 4.43 Gb Total Space | 2.31 Gb Free Space | 52.21% Space Free | Partition Type: FAT32

    Computer Name: THECRAZY | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
    "C:\Program Files\Common Files\AOL\1282796920\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1282796920\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
    "C:\My Backup -- 10-08-25 0837PM\Program Files\FrostWire\FrostWire.exe" = C:\My Backup -- 10-08-25 0837PM\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{267AB309-8021-4CAE-9698-D9A0BEEF7FBA}" = Paint.NET v3.0
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
    "{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "America Online us" = America Online (Choose which version to remove)
    "AOL Spyware Protection" = AOL Spyware Protection
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2006b" = Microsoft Money 2006
    "NVIDIA Drivers" = NVIDIA Drivers
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "RealPlayer 6.0" = RealPlayer Basic
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WavePad" = WavePad Sound Editor
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/28/2010 11:10:04 PM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module searchtoolbar.dll, version 1.1.0.6, fault address 0x00009e1e.

    Error - 9/28/2010 11:10:51 PM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module searchtoolbar.dll, version 1.1.0.6, fault address 0x00009e1e.

    Error - 9/29/2010 12:39:30 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module searchtoolbar.dll, version 1.1.0.6, fault address 0x00009dd2.

    Error - 1/4/2005 1:06:46 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
    Description = Faulting application quickcam.exe, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 1/4/2005 1:06:52 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

    Error - 1/4/2005 1:08:49 AM | Computer Name = THECRAZY | Source = Application Hang | ID = 1002
    Description = Hanging application Quickcam.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/4/2005 1:30:17 AM | Computer Name = THECRAZY | Source = Application Error | ID = 1000
    Description = Faulting application quickcam.exe, version 11.80.1065.0, faulting
    module quickcam.exe, version 11.80.1065.0, fault address 0x000426ca.

    Error - 1/4/2005 1:44:21 AM | Computer Name = THECRAZY | Source = Application Hang | ID = 1002
    Description = Hanging application Quickcam.exe, version 11.80.1065.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    One of the reasons your computer is slow is this:
    You must start moving stuff out of drive C immediately, or it may not boot at all one day.

    ==========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    OTL log looks perfectly clean, so...

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  24. elseco60

    elseco60 TS Rookie Topic Starter Posts: 59

    hi broni
    did you have time to look at my last post?
    I'm really desperate for help, can you please tell me what my next step is
    and I thank you for your time
    pardon me for my English

     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I posted instructions for you.
    Didn't you read them?
    Look at my previous reply.
     
Topic Status:
Not open for further replies.
