Inactive "Hard drive clusters are partly damaged" message

Karen, the black screen can be another result from the malware.

If the screen goes black when you start up in Normal Mode, the go right into #1 below, follow with #2, then #3 if needed. Then go on with #4, #5 and #6.If needed, do #7.
---------------------------
Let me know if this can be accomplished. If it can or if it cannot, I'd like you to go through this sequence of scans again. Please take care to run in the order given: I have made changes to address your problem specifically/
--------------------------------------
If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
============================================
1. Boot into Safe Mode with Networking again.
===========================================
2. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=============================================
3. Run Unhide again If the display can be changed and you still have missing icons, programs, files, etc.,
================================
4. Run RKill again
=======================================
Do not reboot your computer after running RKilll as the malware programs will start again.
================================
5. Run the TDSKiller again
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
6. Try the Malwarebytes Full Scan again.
=====================================
7. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
====================================
You can now reboot back into Normal Mode.
====================================
If you cannot resolve the black screen and go on, please let me know. I will instruct you in how to get back in and may also have you do an Error Check.

For my information, do you have System Restore points set? Do not set a new one now- just tell me if there are any restore points.
 
MBAM Log

I was able to get Malwarebytes to update once I uninstalled and reinstalled, which is great. Here is the log from the Full Scan in normal mode:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MARTY [administrator]

1/10/2012 11:47:47 AM
mbam-log-2012-01-10 (11-47-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246194
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\28.12.2011_16.39.34\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\28.12.2011_16.39.34\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\28.12.2011_21.39.02\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\28.12.2011_21.39.02\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

(end)
 
Hi - sorry, I did not see your post before the MBAM log, but when I plugged in my other screen, it has not since gone black...maybe the screen is junk now, it is a bit old hp 1702. I am now working on your post #26, I do try to be careful to follow your instructions in order, I know it can make all the difference.
*Question* - I never used "unhide", I went to Folder Options and set View to hidden files and folders. I still see icons as translucent, seem to still be classified as hidden. Do I need to do anything about this before proceeding with your post #26, as my other screen is not going black. If no, shall I start with #4 in that same post? Thanks.
 
The Hidden File and Folders are hidden because some are Protected System Folders- not having them visible lessens the chance for an accidental delete. If we intentionally needed to access a folder that was hidden, we would use the Folder Options to make it visible.

But malware puts an attribute in that makes icons, the desktop, the programs an/or random files causing them to be missing- it 'hides' features that are not suppose to be 'hidden.'

Please go back to Folder Options> View tab> check "Do not show hidden files and folders"> Check "Hide Protected System Files (Recommended)> Apply> OK.
-------------------------
Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
The items being 'hidden' by the malware are not the same ones that are hidden in Folder Options.
====================================
Regarding this "Warning!! Do not run ComboFix in Compatibility Mode." There is a proper use for this as explained below:
The Compatibility tab is only available for programs that are installed on your hard drive. When you open the program Properties, if it has this tab, you can access it and direct it to run on the OS you now have. And Display settings for the program can be adjusted if needed. But this requires user direct action. Compatibility Mode change isn't done accidentally.

But I suspect this may be a fake warning form the malware. I'll have you run the following instead:
  • Download OTL from either of the links below and save it to your desktop.
    Link 1
    Link 2
    Note 1.: If you cannot run executable file, down OTL from either of the following links:
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
    Note 2: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.

    [*]Double click the OTL icon to run it.
    OTL_icon.gif

    [*]Set Output at the top to Minimal Output.
    [*]Check the boxes beside LOP Check and Purity Check.
    [*]Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    [*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    Make sure all other windows are closed and to let it run uninterrupted.
    [*]When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    [*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
Restore point & OTL.txt file

Hi Bobbye, the last System restore point was January 10, 2012 at 1:52:23 PM System Checkpoint, I know I created one before but that was back in December trying to fix this myself.

Here is the OTL.txt file:
OTL logfile created on: 1/12/2012 3:12:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.13% Memory free
3.34 Gb Paging File | 3.12 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 18.73 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12011200\algo.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2011/08/05 19:26:40 | 000,436,668 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 15031 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04C49C2E-5528-4A96-A07C-AF3BB1DDEB65}: DhcpNameServer = 4.2.2.1 208.39.140.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C976CFF-FA86-4F59-87AA-30F302690AB9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4569725-BF76-426A-8F96-53BE21D12E0F}: NameServer = 192.168.1.248,192.168.1.247
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/03 06:51:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell - "" = AutoRun
O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 15:01:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
[2012/01/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/10 11:28:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/10 11:24:44 | 004,377,009 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/12/30 18:41:07 | 000,000,000 | --SD | C] -- C:\friday26551f
[2011/12/30 16:44:34 | 000,000,000 | --SD | C] -- C:\friday
[2011/12/30 11:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/30 11:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/30 11:05:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/30 11:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/30 11:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/28 16:35:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/27 21:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg
[2011/12/27 17:24:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/27 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/27 16:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/12/27 16:08:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/27 16:08:50 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/27 16:08:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/27 16:08:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/27 16:08:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/27 16:08:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/27 16:08:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/27 16:08:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/27 16:08:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/27 16:08:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/12/25 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/23 22:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Fix
[2011/12/21 11:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VZW Utility Application - LG
[2011/12/21 11:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/12/21 11:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 15:12:19 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards (2).url
[2012/01/12 15:07:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
[2012/01/12 15:07:25 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad (2).lnk
[2012/01/12 15:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/12 14:56:07 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2012/01/12 14:39:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/12 14:38:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 17:48:57 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
[2012/01/10 13:29:54 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/01/10 11:47:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 11:25:04 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
[2012/01/10 11:24:47 | 004,377,009 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/10 11:22:08 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presque Isle, Maine SkyCam.url
[2011/12/30 20:28:53 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Subscription Received.url
[2011/12/30 20:23:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/27 21:15:27 | 055,659,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
[2011/12/27 17:25:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/27 16:08:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
[2011/12/25 09:12:01 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
[2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
[2011/12/25 09:10:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/25 09:10:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/25 00:02:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/25 00:02:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 22:17:53 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/23 09:45:22 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VERIZON EMAIL.url
[2011/12/23 09:29:20 | 000,444,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/23 09:29:20 | 000,072,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/21 18:03:44 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How to Age and Braise Venison.url
[2011/12/21 16:50:22 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bay 4 Motorsports Tewksbury MA ... Quality Pre-Owned ATV, Motorcycle, Dirtbike, Snowmobile Dealer. Located in Tewksbury Massachusetts.url
[2011/12/19 22:50:06 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\U.S. National Debt Clock Real Time.url
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 15:12:19 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards (2).url
[2012/01/12 15:07:25 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad (2).lnk
[2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/12 15:00:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/12 15:00:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 15:00:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/01/12 15:00:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/12 15:00:40 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/01/12 15:00:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/12 15:00:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/12 15:00:40 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Catalyst Control Center Setup.lnk
[2012/01/12 15:00:40 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Altiris Aclient.lnk
[2012/01/12 15:00:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/01/12 15:00:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/12 15:00:40 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/12 14:56:06 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2012/01/10 17:48:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
[2012/01/10 11:47:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
[2011/12/30 11:05:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/30 11:05:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 11:05:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/30 11:05:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/30 10:38:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
[2011/12/28 21:46:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/27 21:15:24 | 055,659,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
[2011/12/27 17:25:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/27 16:08:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/25 09:11:59 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
[2011/12/25 09:11:59 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
[2011/12/25 09:11:33 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
[2011/12/25 09:11:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/25 09:10:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/25 09:10:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/21 16:50:22 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bay 4 Motorsports Tewksbury MA ... Quality Pre-Owned ATV, Motorcycle, Dirtbike, Snowmobile Dealer. Located in Tewksbury Massachusetts.url
[2011/12/21 16:11:54 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How to Age and Braise Venison.url
[2011/12/21 11:42:23 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/12/19 22:50:06 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\U.S. National Debt Clock Real Time.url
[2011/09/07 12:55:41 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/22 10:23:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/22 10:23:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/17 21:03:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/12 21:36:39 | 000,086,084 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/29 23:21:21 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2010/12/29 23:21:21 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/07/08 12:39:26 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
[2008/07/08 09:24:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/07/08 09:24:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2008/07/08 09:07:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/07/08 09:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/07 13:29:16 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/07/07 13:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/07/07 13:29:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/15 06:14:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/15 06:05:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/02/15 06:05:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/02/15 06:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/02/15 06:05:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/15 06:04:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/15 05:49:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 12:43:54 | 000,444,886 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 12:43:54 | 000,072,636 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 05:12:22 | 000,000,781 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/12/25 08:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2008/02/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/12/30 20:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/06/03 06:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/27 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/20 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2011/12/24 21:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/07/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/13 19:12:35 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\setupn.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[2006/02/27 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2006/02/27 21:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/05/27 15:22:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/27 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
Extras.txt file

OTL Extras logfile created on: 1/12/2012 3:12:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.13% Memory free
3.34 Gb Paging File | 3.12 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 18.73 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = DWGTrueViewScriptFile] -- "" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe" = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:panasonic Communications Utility -- (Panasonic Communications Co., Ltd.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{13E3F00B-2C9F-48B1-8FAF-3EACCEF2300E}" = Read Me First
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{695603EE-5D13-4406-A034-B1346652CC4D}" = Windows Firewall Setting Tool
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2CE9587-4442-4A3D-BB4D-2C36CB69707D}" = Panasonic Software Version Information
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5D80887-7F80-4A4D-94CE-64944BEF5525}" = Panasonic Document Management System
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Communications Utility
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Citrix ICA Client" = Citrix ICA Client
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.3
"DWG TrueView 2011" = DWG TrueView 2011
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{695603EE-5D13-4406-A034-B1346652CC4D}" = Panasonic Windows Firewall Setting Tool
"InstallShield_{B5D80887-7F80-4A4D-94CE-64944BEF5525}" = Panasonic Document Management System
"InstallShield_{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Panasonic Communications Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
I'm just realizing that I don't have the 2 logs from DDS. Did you run that scan? I went back but didn't see it. Please go ahead and run, leave the 2 logs..Do you have Spybot S&D on the system, with the Immunize feature enabled?
 
Hi Bobbye,
I couldn't run that scan initially because I couldn't disable AVG, never went back and ran it. I know in one post you were considering have me run it after reviewing a couple of logs, but we got sidetracked because of all the issues that popped up along the way. I figured out how to remove script blocking protection in avast. When i double-click on the dds icon after downloading it, it is asking me what program with which to open it, it is a .scr file, not a .exe file?

I used to have spybot but the computer was "cleaned" by an it tech and I think he removed it. Please advise and thank you!
 
Hi again - I got dds.pif downloaded and ran without script blocking, but the DOS screen eventually froze after about 25 "#" accumulated. Then my whole screen froze, this happened twice. I had to hard-shutdown to do anything. Therefore, I can't get any DDS logs for you to post.
 
The Host files indicate that some type of program is running that blocked bad domains. Basically, this is a good thing. But I have never seen them display as yours do in OTL, let alone say there are 1500 more of them! And many do have Spybot S&D but don't have the blacklisted host files strung out.
---------------------------------
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
    [2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
    [2011/12/25 09:12:01 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
    [2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
    [2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2008/02/15 06:04:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [clearjavacache]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
======================================================
Please download Farbar Service Scanner
  • Check Include all files option
  • Press the Scan button
  • Log named FSS.txt will be created in the same directory as the tool
  • Please paste the log into your next reply
===================================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
===================================
Hopefully there will be some improvement after the OTL Fix.

Please go back to Folder Options in the Control Panel> View tab> Check 'don't show hidden files and folders'> Check 'hide protected system files (Recommended)> Apply> OK

I think they are still showing from when you wanted to 'see' the fils.
 
OTL Log

Hi there Bobbeye!

OTL logfile created on: 1/21/2012 5:07:33 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 68.43% Memory free
3.34 Gb Paging File | 3.08 Gb Available in Paging File | 92.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 17.82 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12012101\algo.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2012/01/21 17:04:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234 (MUWebControl Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C976CFF-FA86-4F59-87AA-30F302690AB9}: DhcpNameServer = 192.168.1.1 71.243.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/03 06:51:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 17:03:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/12 15:01:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
[2012/01/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/10 11:28:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/30 18:41:07 | 000,000,000 | --SD | C] -- C:\friday26551f
[2011/12/30 16:44:34 | 000,000,000 | --SD | C] -- C:\friday
[2011/12/30 11:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/30 11:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/30 11:05:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/30 11:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/30 11:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/28 16:35:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/27 21:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg
[2011/12/27 17:24:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/27 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/27 16:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/12/27 16:08:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/27 16:08:50 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/27 16:08:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/27 16:08:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/27 16:08:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/27 16:08:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/27 16:08:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/27 16:08:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/27 16:08:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/27 16:08:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/25 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/23 22:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Fix

========== Files - Modified Within 30 Days ==========

[2012/01/21 17:10:42 | 000,445,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/21 17:10:42 | 000,072,970 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/21 17:06:48 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/01/21 17:06:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 17:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 17:04:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/21 10:29:55 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
[2012/01/21 10:11:00 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presque Isle, Maine SkyCam.url
[2012/01/15 18:26:31 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[2012/01/15 12:26:16 | 000,394,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/13 00:17:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/13 00:10:59 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/12 15:07:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
[2012/01/12 15:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/10 17:48:57 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
[2012/01/10 11:25:04 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
[2011/12/30 20:28:53 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Subscription Received.url
[2011/12/30 20:23:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/27 21:15:27 | 055,659,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
[2011/12/27 17:25:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/27 16:08:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/25 09:10:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/25 09:10:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/25 00:02:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/23 09:45:22 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VERIZON EMAIL.url

========== Files Created - No Company Name ==========

[2012/01/21 10:29:55 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
[2012/01/15 18:26:31 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[2012/01/13 00:10:59 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/12 15:00:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 15:00:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/01/12 15:00:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/12 15:00:40 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/01/12 15:00:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/12 15:00:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/12 15:00:40 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Catalyst Control Center Setup.lnk
[2012/01/12 15:00:40 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Altiris Aclient.lnk
[2012/01/12 15:00:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/01/12 15:00:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/12 15:00:40 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/10 17:48:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
[2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
[2011/12/30 11:05:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/30 11:05:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 11:05:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/30 11:05:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/30 10:38:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
[2011/12/28 21:46:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/27 21:15:24 | 055,659,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
[2011/12/27 17:25:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/27 16:08:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/25 09:11:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/25 09:10:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/25 09:10:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/21 11:42:23 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/07 12:55:41 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/22 10:23:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/22 10:23:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/17 21:03:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/12 21:36:39 | 000,086,084 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/29 23:21:21 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2010/12/29 23:21:21 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/07/08 12:39:26 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
[2008/07/08 09:24:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/07/08 09:24:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2008/07/08 09:07:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/07/08 09:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/07 13:29:16 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/07/07 13:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/07/07 13:29:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/15 06:14:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/15 06:05:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/02/15 06:05:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/02/15 06:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/02/15 06:05:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/15 05:49:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 12:43:54 | 000,445,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 12:43:54 | 000,072,970 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 05:12:22 | 000,000,781 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/12/25 08:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2008/02/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/12/30 20:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/06/03 06:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/27 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/20 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2011/12/24 21:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/07/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
FSS Log

There was no "include all files" checkbox, so I checked all the boxes myself, I hope what I did was correct. Here is the log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Administrator (administrator) on 21-01-2012 at 17:14:05
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000B00000008000000090000000A0000000C000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
other info.

I uninstalled Java then installed, it is now Java 6 Update 30.
I had checked "don't show hidden files and folders" then downloaded unhide.exe and ran it, I thought before I did my last postings 5 days ago. I did go and check those two settings and they match what you told me. Hopefully we're progressing! Thank you so much!
Karen
 
There are some entries in the log that I wouldn't expect to see logged. They are puzzling, but not necessarily bad.

System is getting better, but not clean yet: Have you noticed any improvement?

OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
    Code:
    :OTL
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
    [2012/01/21 10:29:55 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
    [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    :Files
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
=========================================
Please run this after OTL Fix: MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
========================================
Edit: Forgot this: Click on start> Run> type in services.msc> Enter> Find and double click on Background Intelligent Transfer Service (BITS)> Set Startup type to Manual.
 
OTL Log

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jfwhite.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webex.com\ deleted successfully.
File C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url not found.
C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 148828 bytes
->Temporary Internet Files folder emptied: 1142270 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1365002 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01222012_140655

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZM3UH6LH\topic175275-2[1].html moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
MGA

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-2MDY9-F6J9M-K42BQ
Windows Product Key Hash: jY+nlE0RT38EEXpeUqSdQPABSQc=
Windows Product ID: 76487-OEM-2211906-00101
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {A0C3CF82-BDCD-4879-8068-9CA1EB8BBE5B}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A0C3CF82-BDCD-4879-8068-9CA1EB8BBE5B}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-K42BQ</PKey><PID>76487-OEM-2211906-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-3684139542-1093763568-3255329030</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq dc7600 Small Form Factor</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786D1 v01.03</Version><SMBIOSVersion major="2" minor="4"/><Date>20050518000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>B99B3A7F0184E07C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>HP Compaq dc7700 Small Form Factor</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>13D0F7C0C850D00</Val><Hash>y2/TmYa3GO/I8NpCX+9pFRxaakw=</Hash><Pid>73931-640-0043284-57628</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 8C19:Compaq Computer Corporation|116FC:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|EB58:Compaq Computer Corporation|11723:Compaq Computer Corporation|11723:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|EB58:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

OEM Activation 2.0 Data-->
N/A
 
MSC services

I believe the BITS was already set to manual, but I didn't see a save key, and I did not click on Start Service, am I all set with this part? Thanks!
Karen
 
All you would do if you had to change a Service is make the change, click on Apply> OK. You do not need to start the Service.

The MGA looks okay. I don't know what you're referring to in the PM. I thought there might be a problem with Validation or License since you're having so much problem. You're not showing a block for Volume Licensing.

Have you noticed any improvement since running the 2 OTL fixes?
 
Hi - I see improvement in that I am no longer getting the fake error messages from the original virus, and I can see my start menu programs and desktop is blue and all the icons are there. So on my end, things seem fine, not sure if you can see anything else in those logs, but operationally it appears back to normal. Thank you so much for your help.
Karen
 
Well, that makes my day! Howabout these 2 quickies, then we'll close up (hopefully!)

First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
====================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
HijackThis Log

Good morning!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:27:32 AM, on 1/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6241 bytes
 
Oh yes- that a good thing! One more step:

Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost


Close all Windows except HijackThis and click on "Fix Checked"
=============================
You can free-up some resources by re-setting the following Services:
Click on Start> Run> type in services.msc> Enter> Double click on each to open and set as given:

1. Bonjour Service > Set to Manual Startup Type> If not using now> Stop the Service
2. iPod Service< Set to Manual Startup Type> if not using now> Stop the Service
3. Java Quick Starter (jqs]> Set to Disabled Startup Type> Stop the Service if running. This is a useless function that is not needed and uses system resources.
Exit Services when through.

You've done a good job, Karen. It was a pleasure to help you!
---------------------------------
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
============================================
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o]Antivirus :(only one):Both of the following programs are free and known to be good:
    [o]Avira-AntiVir-Personal-Free-Antivirus
    [o]Avast-Free Antivirus
    [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o]Comodo
    [o]Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o]Spybot Search & Destroy
  4. Updates: Stay current:
    [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
    [o]Adobe Reader Install current, uninstall old.
    [o]Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    Clean the temporary internet files often:
    [o] Temporary File Cleaner]
    or
    [o] ATF Cleaner by Atribune
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.

Let me know if you have any questions.
 
questions

Thanks Bobbye!
I do have a few questions - I couldn't find combofix, I must have uninstalled it previously?
When you say to delete backups of files combofix deleted, how do I find those files if they exist?
The link to OTC wasn't titled OTCleanit.exe, it is just OTC, is this the correct file?
I did the hijack this fix but will await the OTC info. before proceeding, not sure if the order of operations is important. Thanks again! I'm looking forward to seeing Mr. Clean on my screen.
 
Uninstall ComboFix and all Backups of the files it deleted

If you used the Combofix uninstall directions I gave you, that will remove Combofix (the program) and all the backups and logs from it. That line is meant to be one function.

OTC is fine. We use several "OT" programs. They start with 'OT' and add the last letter of that particular program. The 'C' is for cleanup. Okay to use the link I have for "Old Timer's Cleanup' as just OTC.

Karen I don't use the Mr. Clean gif. It is difficult to find a gif that is safe and clean, with no extra content in it.

But your system IS CLEAN!
peace_dove_bigger_normal.jpg
Peace
 
Back