Still slow after Malware and Spyware Cleaning Guide

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

Still slow after Malware and Spyware Cleaning Guide

Options

babybearfan View Member Profile	Nov 4 2009, 02:44 PM Post #1
Member Posts: 14 OS: Windows XP	I have done everything in the Malware and Spyware Cleaning Guide and my computer is still slow. Here are my logs; any suggestions? Thank you ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/04 11:39 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB9B6C000 Size: 49152 File Visible: No Signed: - Status: - ==EOF== OTL logfile created on: 2009-11-04 11:43:24 - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Jeremy\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: yyyy-MM-dd 509.98 Mb Total Physical Memory \| 113.70 Mb Available Physical Memory \| 22.29% Memory free 1.22 Gb Paging File \| 0.83 Gb Available in Paging File \| 67.98% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 70.81 Gb Total Space \| 50.72 Gb Free Space \| 71.63% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: D8JFGK71 Current User Name: Jeremy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-11-04 11:41:45 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe PRC - [2009-09-17 13:29:04 \| 00,645,328 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009-09-16 09:22:08 \| 00,144,704 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009-09-16 08:28:38 \| 00,606,736 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009-09-15 09:23:54 \| 00,894,136 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009-08-19 11:25:52 \| 01,589,208 \| ---- \| M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe PRC - [2009-07-09 23:26:20 \| 00,865,832 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009-07-08 10:54:34 \| 00,359,952 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009-07-07 18:10:02 \| 02,482,848 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009-06-17 11:49:44 \| 00,616,408 \| ---- \| M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe PRC - [2009-05-07 22:30:22 \| 00,192,128 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe PRC - [2009-05-07 22:30:22 \| 00,192,128 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe PRC - [2009-04-02 15:11:02 \| 00,342,312 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009-04-02 15:10:56 \| 00,656,168 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009-03-26 14:31:20 \| 00,132,424 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008-12-12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008-04-24 13:26:18 \| 00,202,560 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe PRC - [2008-04-24 13:25:22 \| 00,202,560 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe PRC - [2008-04-13 18:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005-09-20 09:36:20 \| 00,114,688 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe PRC - [2005-09-20 09:32:24 \| 00,077,824 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe PRC - [2005-05-09 14:32:14 \| 00,053,248 \| ---- \| M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe PRC - [2004-10-14 13:42:54 \| 01,404,928 \| ---- \| M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2004-03-04 10:30:48 \| 00,311,296 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE PRC - [2004-03-04 10:26:20 \| 00,174,592 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE PRC - [2003-09-03 19:12:44 \| 00,221,184 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe ========== Modules (SafeList) ========== MOD - [2009-11-04 11:41:45 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe MOD - [2008-04-13 18:12:51 \| 01,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-04-13 18:12:01 \| 00,413,696 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll MOD - [2008-04-13 18:11:53 \| 00,185,344 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll MOD - [2007-04-19 14:21:40 \| 00,116,264 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (0120381256135057mcinstcleanup) SRV - [2009-09-16 10:23:32 \| 00,365,072 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009-09-16 09:22:08 \| 00,144,704 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009-09-16 08:28:38 \| 00,606,736 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009-09-15 09:23:54 \| 00,894,136 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009-07-09 23:26:20 \| 00,865,832 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009-07-08 19:22:22 \| 00,068,112 \| ---- \| M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor) SRV - [2009-07-08 10:54:34 \| 00,359,952 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009-07-07 18:10:02 \| 02,482,848 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2009-06-17 11:49:44 \| 00,616,408 \| ---- \| M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService) SRV - [2009-04-02 15:10:56 \| 00,656,168 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009-03-26 14:31:20 \| 00,132,424 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008-12-12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008-07-29 20:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008-07-29 18:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008-07-29 18:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008-07-25 10:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-07-25 10:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008-04-24 13:26:18 \| 00,202,560 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SRV - [2008-04-13 18:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll -- (helpsvc) SRV - [2007-03-07 15:47:46 \| 00,076,848 \| ---- \| M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006-10-18 20:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2004-03-04 10:30:48 \| 00,311,296 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS) SRV - [2003-12-17 12:59:48 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc) ========== Driver Services (SafeList) ========== DRV - [2009-09-16 09:22:48 \| 00,214,664 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk) DRV - [2009-09-16 09:22:48 \| 00,079,816 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk) DRV - [2009-09-16 09:22:48 \| 00,040,552 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk) DRV - [2009-09-16 09:22:48 \| 00,035,272 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk) DRV - [2009-09-16 09:22:14 \| 00,034,248 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk) DRV - [2009-07-16 11:32:26 \| 00,120,136 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP) DRV - [2009-03-26 14:23:46 \| 00,036,864 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL) DRV - [2009-03-19 15:32:48 \| 00,023,400 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008-04-13 12:45:12 \| 00,060,032 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) DRV - [2008-04-13 12:36:39 \| 00,043,008 \| ---- \| M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008-04-13 12:36:39 \| 00,040,960 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007-11-26 18:54:11 \| 00,102,664 \| ---- \| M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm) DRV - [2007-11-13 04:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv) DRV - [2007-07-26 17:06:18 \| 00,043,528 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2007-02-25 12:10:48 \| 00,005,376 \| --S- \| M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006-10-05 16:07:28 \| 00,004,736 \| ---- \| M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005-09-20 10:00:54 \| 01,302,332 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm) DRV - [2005-01-27 14:31:06 \| 00,260,352 \| ---- \| M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm) DRV - [2004-12-06 00:05:00 \| 00,100,603 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004-12-06 00:05:00 \| 00,098,714 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004-12-06 00:05:00 \| 00,086,586 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004-12-06 00:05:00 \| 00,034,843 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004-12-06 00:05:00 \| 00,025,883 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004-12-06 00:05:00 \| 00,015,227 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004-12-06 00:05:00 \| 00,006,363 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004-12-06 00:05:00 \| 00,004,123 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004-12-06 00:05:00 \| 00,002,239 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004-12-01 02:22:00 \| 00,087,488 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004-11-23 01:56:00 \| 00,040,480 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004-09-17 08:02:54 \| 00,732,928 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt) DRV - [2004-08-04 04:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink) DRV - [2004-08-03 21:29:56 \| 01,897,408 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv) DRV - [2004-07-14 10:29:04 \| 00,005,627 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004-07-14 10:28:50 \| 00,023,545 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2004-06-15 21:52:40 \| 00,061,157 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53) DRV - [2004-03-05 21:15:34 \| 00,647,929 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52) DRV - [2004-03-05 21:14:42 \| 01,233,525 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51) DRV - [2004-03-05 21:13:38 \| 00,037,048 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt) DRV - [2004-02-10 14:49:14 \| 00,154,112 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) DRV - [2003-01-10 10:56:34 \| 00,030,921 \| ---- \| M] (Service & Quality Technology.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys -- (DCamUSBSQTECH) DRV - [2001-08-17 13:51:32 \| 00,018,688 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\irsir.sys -- (irsir) DRV - [2001-08-17 13:07:44 \| 00,019,072 \| ---- \| M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001-08-17 13:07:42 \| 00,030,688 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 13:07:40 \| 00,028,384 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 13:07:36 \| 00,032,640 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 13:07:34 \| 00,016,256 \| ---- \| M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001-08-17 12:57:38 \| 00,016,128 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA) DRV - [2001-08-17 12:52:22 \| 00,036,736 \| ---- \| M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001-08-17 12:52:20 \| 00,045,312 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001-08-17 12:52:20 \| 00,040,320 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001-08-17 12:52:18 \| 00,049,024 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001-08-17 12:52:16 \| 00,179,584 \| ---- \| M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 12:52:12 \| 00,017,280 \| ---- \| M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 12:52:00 \| 00,026,496 \| ---- \| M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001-08-17 12:51:58 \| 00,014,848 \| ---- \| M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001-08-17 12:51:56 \| 00,005,248 \| ---- \| M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001-08-17 12:51:54 \| 00,006,656 \| ---- \| M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 02:01:31 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-03 14:07:42 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-03 14:16:55 \| 00,000,000 \| ---D \| M] [2009-03-27 21:36:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Extensions [2008-11-22 12:47:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-03-27 21:36:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2009-11-03 12:42:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions [2009-09-02 11:16:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-09-28 11:42:07 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770} [2008-11-19 10:05:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008-11-24 00:49:25 \| 00,001,728 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\searchplugins\aim-search.xml [2009-11-03 12:42:37 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-10-29 09:34:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-09-29 10:40:48 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2009-10-29 09:34:30 \| 00,023,544 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009-10-29 09:34:31 \| 00,137,208 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008-08-19 15:31:28 \| 00,098,304 \| ---- \| M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll [2009-02-23 09:45:06 \| 00,177,592 \| ---- \| M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll [2009-10-29 09:34:39 \| 00,065,016 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009-10-02 23:13:10 \| 00,095,600 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009-05-10 21:52:23 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009-08-24 12:45:46 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009-08-24 12:45:46 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2008-12-01 10:50:26 \| 00,004,946 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml [2009-08-24 12:45:46 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009-08-24 12:45:46 \| 00,002,344 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009-08-24 12:45:46 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009-08-24 12:45:46 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009-08-24 12:45:46 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (348158 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11963 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe () O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\5.0_( File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Value error.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1136108086403 (MUWebControl Class) O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://ca.com/us/securityadvisor/virusinfo/webscan.cab (Reg Error: Value error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (Reg Error: Value error.) O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Value error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-08-10 12:04:08 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005-05-19 08:20:42 \| 00,000,000 \| ---D \| M] NetSvcs: Iprip - File not found NetSvcs: Irmon - C:\WINDOWS\SYSTEM32\irmon.dll (Microsoft Corporation) NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2009-11-04 11:41:35 \| 00,528,384 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe [2009-11-04 11:34:53 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Jeremy\Desktop\RootRepeal.exe [2009-11-03 21:02:53 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-11-03 21:02:48 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-11-03 21:02:47 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-11-03 21:01:53 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeremy\Desktop\mbam-setup.exe [2009-11-03 20:59:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009-11-03 20:58:54 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\Jeremy\Desktop\erunt_setup.exe [2009-11-03 20:57:14 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\Jeremy\Desktop\SysRestorePoint.exe [2009-11-03 20:39:37 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\TFC.exe [2009-11-02 14:48:35 \| 00,000,000 \| RH-D \| C] -- C:\Documents and Settings\Jeremy\Recent [2009-10-26 11:57:58 \| 00,000,000 \| -HSD \| C] -- C:\Documents and Settings\Jeremy\IECompatCache [2009-10-10 12:04:14 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2008-11-30 22:41:59 \| 05,360,483 \| ---- \| C] (Console Classix ) -- C:\Documents and Settings\Jeremy\Application Data\consoleclassixsetup.exe ========== Files - Modified Within 30 Days ========== [2009-11-04 11:41:45 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe [2009-11-04 11:36:45 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\settings.dat [2009-11-04 11:35:10 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\Jeremy\Desktop\RootRepeal.exe [2009-11-04 03:27:32 \| 00,019,971 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009-11-04 03:25:09 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-04 03:24:39 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009-11-04 03:21:41 \| 00,000,178 \| -HS- \| M] () -- C:\Documents and Settings\Jeremy\NTUSER.INI [2009-11-04 03:21:40 \| 07,864,320 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\ntuser.dat [2009-11-03 21:28:22 \| 08,574,444 \| -H-- \| M] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\IconCache.db [2009-11-03 21:02:58 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009-11-03 21:01:54 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeremy\Desktop\mbam-setup.exe [2009-11-03 20:59:49 \| 00,000,611 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\NTREGOPT.lnk [2009-11-03 20:59:49 \| 00,000,592 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\ERUNT.lnk [2009-11-03 20:58:55 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Documents and Settings\Jeremy\Desktop\erunt_setup.exe [2009-11-03 20:57:21 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Documents and Settings\Jeremy\Desktop\SysRestorePoint.exe [2009-11-03 20:40:11 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\TFC.exe [2009-11-03 13:33:48 \| 00,348,158 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2009-11-02 15:07:45 \| 00,524,016 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-11-02 15:07:45 \| 00,442,466 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009-11-02 15:07:45 \| 00,071,732 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009-11-01 20:44:30 \| 00,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009-11-01 00:00:17 \| 00,000,334 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009-10-30 12:34:12 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-10-25 22:14:36 \| 00,000,386 \| ---- \| M] () -- C:\WINDOWS\tasks\SmartDefrag.job [2009-10-25 22:14:25 \| 00,000,792 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk [2009-10-22 14:56:16 \| 00,001,578 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\LimeWire 5.3.6.lnk [2009-10-22 12:26:45 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009-10-22 03:19:04 \| 05,939,712 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009-10-22 03:19:04 \| 05,939,712 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009-10-17 12:25:23 \| 00,047,288 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009-10-15 00:21:09 \| 00,000,342 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009-10-12 18:00:40 \| 00,005,493 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\Jeremy resume.doc [2009-10-09 15:30:29 \| 00,342,994 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20091103-133346.backup [2009-10-09 14:36:06 \| 00,001,548 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\CCleaner.lnk [2009-10-05 20:15:15 \| 00,003,919 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\My Documents\Jeremy resume.doc ========== Files Created - No Company Name ========== [2009-11-04 11:36:45 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\settings.dat [2009-11-03 21:02:58 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009-11-03 20:59:49 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\NTREGOPT.lnk [2009-11-03 20:59:49 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\ERUNT.lnk [2009-10-25 22:14:36 \| 00,000,386 \| ---- \| C] () -- C:\WINDOWS\tasks\SmartDefrag.job [2009-10-25 22:14:25 \| 00,000,792 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk [2009-10-22 14:56:16 \| 00,001,578 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\LimeWire 5.3.6.lnk [2007-12-03 20:36:54 \| 00,001,759 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007-11-23 11:58:26 \| 00,139,008 \| ---- \| C] () -- C:\WINDOWS\System32\guard32.dll [2007-09-29 18:23:52 \| 00,001,806 \| ---- \| C] () -- C:\Program Files\jpgyabbc.txt [2007-09-24 11:00:13 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\PControl.ini [2007-09-17 19:26:44 \| 00,008,396 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log [2007-06-19 21:12:15 \| 00,000,047 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2007-06-08 23:15:05 \| 00,014,336 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-05-28 14:53:52 \| 00,000,437 \| ---- \| C] () -- C:\WINDOWS\dellstat.ini [2007-05-28 14:53:03 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\dlbcvs.dll [2007-05-28 14:53:01 \| 00,000,373 \| ---- \| C] () -- C:\WINDOWS\System32\dlbccoin.ini [2007-05-19 22:18:30 \| 00,001,473 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2007-02-06 19:59:34 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2006-08-28 18:19:39 \| 00,000,129 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\fusioncache.dat [2006-07-06 23:49:48 \| 00,000,022 \| ---- \| C] () -- C:\WINDOWS\kodakpcd.Jeremy.ini [2006-06-29 13:58:52 \| 00,030,808 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006-06-29 13:53:56 \| 00,026,489 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006-04-18 14:39:28 \| 00,029,779 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006-04-18 14:39:28 \| 00,026,040 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2005-09-23 13:28:00 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005-06-21 17:28:53 \| 00,061,678 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Application Data\PFP120JPR.{PB [2005-06-21 17:28:53 \| 00,012,358 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Application Data\PFP120JCM.{PB [2005-06-15 11:41:47 \| 00,047,288 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005-05-23 16:01:26 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Jeremy\Application Data\DESKTOP.INI [2005-05-23 16:01:23 \| 08,574,444 \| -H-- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\IconCache.db [2005-05-19 09:11:42 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005-05-19 09:03:44 \| 00,000,000 \| -H-- \| C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat [2005-05-19 09:02:58 \| 00,000,818 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005-05-19 08:24:18 \| 00,000,370 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005-03-01 15:30:20 \| 00,000,453 \| ---- \| C] () -- C:\WINDOWS\bdoscandellang.ini [2005-01-28 07:08:34 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2004-08-10 12:13:12 \| 00,000,780 \| ---- \| C] () -- C:\WINDOWS\ORUN32.INI [2004-08-10 12:04:08 \| 00,000,576 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2004-08-10 11:57:52 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004-08-10 11:57:42 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2004-08-04 04:00:00 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\FXSPERF.INI [1979-12-31 23:00:00 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > [2008-12-13 00:12:40 \| 01,312,755 \| ---- \| M] () -- C:\MGtools9x.exe [2008-12-13 18:16:53 \| 04,614,888 \| ---- \| M] (Microsoft Corporation) -- C:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2004-08-04 04:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL [2004-08-04 04:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-13 18:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-13 18:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2004-08-04 04:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL [2004-08-04 04:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008-04-13 18:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008-04-13 18:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2004-08-04 04:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL [2004-08-04 04:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2008-04-13 18:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008-04-13 18:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2004-08-03 21:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys [2004-08-03 21:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008-04-13 12:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 12:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys [2004-08-03 21:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2004-08-03 22:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS [2004-08-03 22:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2008-04-13 12:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 12:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\i_plugins.txt:SummaryInformation < End of report > OTL Extras logfile created on: 2009-11-04 11:43:27 - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Jeremy\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: yyyy-MM-dd 509.98 Mb Total Physical Memory \| 113.70 Mb Available Physical Memory \| 22.29% Memory free 1.22 Gb Paging File \| 0.83 Gb Available in Paging File \| 67.98% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 70.81 Gb Total Space \| 50.72 Gb Free Space \| 71.63% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: D8JFGK71 Current User Name: Jeremy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .txt [@ = txtfile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" % File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. txtfile [open] -- C:\WINDOWS\NOTEPAD.EXE %1 (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe::Disabled:Kodak Software Updater -- File not found "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire -- (Lime Wire, LLC) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe::Enabled:AOL Loader -- File not found "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe::Enabled:AIM -- File not found "C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe::Enabled:MySpaceIM -- () "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe::Enabled:McAfee Network Agent -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2 "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3CDF4815-1334-4AF3-B780-1F6526011C5A}" = HyperLoad - Golf Course "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5 "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes "{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin_USA "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch� Jukebox "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7 "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0 "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C0172B82-9ED5-4C9F-8939-C0794BFBB297}" = HyperLoad - Golf Range "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9) "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AudibleManager" = AudibleManager "CCleaner" = CCleaner (remove only) "ComcastHSI" = Comcast High-Speed Internet Install Wizard "comcasttb" = Comcast Toolbar 3.0 "Dell Photo Printer 720" = Dell Photo Printer 720 "Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger "ERUNT_is1" = ERUNT 1.1j "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "LimeWire" = LimeWire 5.3.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4) "MSC" = McAfee SecurityCenter "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MySpaceIM" = MySpaceIM "nickarcade" = Nick Aracde Toolbar "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhoTagsExpress" = PhoTags Express "PROSet" = Intel® PRO Network Adapters and Drivers "RealPlayer 6.0" = RealPlayer "Security Task Manager" = Security Task Manager 1.7h "Smart Defrag_is1" = Smart Defrag 1.20 "UnityWebPlayer" = Unity Web Player "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Yahoo! Toolbar" = Yahoo! Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2009-09-28 13:20:03 \| Computer Name = D8JFGK71 \| Source = crypt32 \| ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 2009-09-28 13:20:07 \| Computer Name = D8JFGK71 \| Source = crypt32 \| ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 2009-09-28 13:20:09 \| Computer Name = D8JFGK71 \| Source = crypt32 \| ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 2009-09-28 13:20:09 \| Computer Name = D8JFGK71 \| Source = crypt32 \| ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 2009-09-28 13:20:10 \| Computer Name = D8JFGK71 \| Source = crypt32 \| ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 2009-09-28 13:20:12 \| Computer Name = D8JFGK71 \| Source = crypt32 \| ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 2009-09-28 23:25:13 \| Computer Name = D8JFGK71 \| Source = ESENT \| ID = 490 Description = wuauclt (3640) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 2009-11-03 22:52:44 \| Computer Name = D8JFGK71 \| Source = AntiSpywareService \| ID = 0 Description = Error - 2009-11-03 23:34:12 \| Computer Name = D8JFGK71 \| Source = AntiSpywareService \| ID = 0 Description = Error - 2009-11-04 05:28:35 \| Computer Name = D8JFGK71 \| Source = AntiSpywareService \| ID = 0 Description = [ System Events ] Error - 2009-11-04 13:35:09 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:35:09 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:35:14 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:35:14 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:41:24 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:41:24 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:41:29 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:41:29 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 13:47:27 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2009-11-04 14:03:19 \| Computer Name = D8JFGK71 \| Source = Service Control Manager \| ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 < End of report >

babybearfan View Member Profile	Nov 4 2009, 09:12 PM Post #2
Member Posts: 14 OS: Windows XP	Here is this also. Malwarebytes' Anti-Malware 1.41 Database version: 3097 Windows 5.1.2600 Service Pack 3 2009-11-03 21:27:04 mbam-log-2009-11-03 (21-27-04).txt Scan type: Quick Scan Objects scanned: 117100 Time elapsed: 15 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Tweene View Member Profile	Nov 8 2009, 03:31 AM Post #3
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Hello babybearfan and Welcome to Geeks To Go! I'm Tweene and i'll try to help you. I'm currently looking over your logs. The computer only has 510 mb of RAM.. Its quite low comparing with today's programs.. I suggest you to upgrade to 1gb of RAM at least.. When it comes to RAM, the more RAM, the better it is.. But for general usage, 1gb of RAM should be enough.. Have you posted in an other forum ? If no, please post a fresh OTL log : Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted. Make sure that both LOP Check and Purity Check are ticked Click the Run Scan button.

babybearfan View Member Profile	Nov 8 2009, 11:04 AM Post #4
Member Posts: 14 OS: Windows XP	Here is a fresh OTL log. I know its not the newest computer, but it came to almost a grinding stop about a week ago and has been limping along ever since. Thanks -babybearfan OTL logfile created on: 2009-11-08 10:53:27 - Run 2 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Jeremy\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: yyyy-MM-dd 509.98 Mb Total Physical Memory \| 236.07 Mb Available Physical Memory \| 46.29% Memory free 1.22 Gb Paging File \| 0.83 Gb Available in Paging File \| 67.94% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 70.81 Gb Total Space \| 50.72 Gb Free Space \| 71.62% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: D8JFGK71 Current User Name: Jeremy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-11-08 10:28:44 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe PRC - [2009-09-17 13:29:04 \| 00,645,328 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009-09-16 09:22:08 \| 00,144,704 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009-09-16 08:28:38 \| 00,606,736 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009-09-15 09:23:54 \| 00,894,136 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009-08-19 11:25:52 \| 01,589,208 \| ---- \| M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe PRC - [2009-07-09 23:26:20 \| 00,865,832 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009-07-08 10:54:34 \| 00,359,952 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009-07-07 18:10:02 \| 02,482,848 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009-06-17 11:49:44 \| 00,616,408 \| ---- \| M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe PRC - [2009-05-07 22:30:22 \| 00,192,128 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe PRC - [2009-04-02 15:11:02 \| 00,342,312 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009-04-02 15:10:56 \| 00,656,168 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009-03-26 14:31:20 \| 00,132,424 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008-12-12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008-04-24 13:26:18 \| 00,202,560 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe PRC - [2008-04-24 13:25:22 \| 00,202,560 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe PRC - [2008-04-13 18:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005-09-20 09:36:20 \| 00,114,688 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe PRC - [2005-09-20 09:32:24 \| 00,077,824 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe PRC - [2005-05-09 14:32:14 \| 00,053,248 \| ---- \| M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe PRC - [2004-10-14 13:42:54 \| 01,404,928 \| ---- \| M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2004-03-04 10:30:48 \| 00,311,296 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE PRC - [2004-03-04 10:26:20 \| 00,174,592 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE PRC - [2003-09-03 19:12:44 \| 00,221,184 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe ========== Modules (SafeList) ========== MOD - [2009-11-08 10:28:44 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe MOD - [2008-04-13 18:12:51 \| 01,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-04-13 18:12:01 \| 00,413,696 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll MOD - [2008-04-13 18:11:53 \| 00,185,344 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll MOD - [2007-04-19 14:21:40 \| 00,116,264 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (0120381256135057mcinstcleanup) SRV - [2009-09-16 10:23:32 \| 00,365,072 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009-09-16 09:22:08 \| 00,144,704 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009-09-16 08:28:38 \| 00,606,736 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009-09-15 09:23:54 \| 00,894,136 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009-07-09 23:26:20 \| 00,865,832 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009-07-08 19:22:22 \| 00,068,112 \| ---- \| M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor) SRV - [2009-07-08 10:54:34 \| 00,359,952 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009-07-07 18:10:02 \| 02,482,848 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2009-06-17 11:49:44 \| 00,616,408 \| ---- \| M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService) SRV - [2009-04-02 15:10:56 \| 00,656,168 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009-03-26 14:31:20 \| 00,132,424 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008-12-12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008-07-29 20:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008-07-29 18:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008-07-29 18:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008-07-25 10:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-07-25 10:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008-04-24 13:26:18 \| 00,202,560 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SRV - [2008-04-13 18:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll -- (helpsvc) SRV - [2007-03-07 15:47:46 \| 00,076,848 \| ---- \| M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006-10-18 20:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2004-03-04 10:30:48 \| 00,311,296 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS) SRV - [2003-12-17 12:59:48 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc) ========== Driver Services (SafeList) ========== DRV - [2009-09-16 09:22:48 \| 00,214,664 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk) DRV - [2009-09-16 09:22:48 \| 00,079,816 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk) DRV - [2009-09-16 09:22:48 \| 00,040,552 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk) DRV - [2009-09-16 09:22:48 \| 00,035,272 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk) DRV - [2009-09-16 09:22:14 \| 00,034,248 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk) DRV - [2009-07-16 11:32:26 \| 00,120,136 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP) DRV - [2009-03-26 14:23:46 \| 00,036,864 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL) DRV - [2009-03-19 15:32:48 \| 00,023,400 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008-04-13 12:45:12 \| 00,060,032 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) DRV - [2008-04-13 12:36:39 \| 00,043,008 \| ---- \| M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008-04-13 12:36:39 \| 00,040,960 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007-11-26 18:54:11 \| 00,102,664 \| ---- \| M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm) DRV - [2007-11-13 04:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv) DRV - [2007-07-26 17:06:18 \| 00,043,528 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2007-02-25 12:10:48 \| 00,005,376 \| --S- \| M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006-10-05 16:07:28 \| 00,004,736 \| ---- \| M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005-09-20 10:00:54 \| 01,302,332 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm) DRV - [2005-01-27 14:31:06 \| 00,260,352 \| ---- \| M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm) DRV - [2004-12-06 00:05:00 \| 00,100,603 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004-12-06 00:05:00 \| 00,098,714 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004-12-06 00:05:00 \| 00,086,586 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004-12-06 00:05:00 \| 00,034,843 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004-12-06 00:05:00 \| 00,025,883 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004-12-06 00:05:00 \| 00,015,227 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004-12-06 00:05:00 \| 00,006,363 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004-12-06 00:05:00 \| 00,004,123 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004-12-06 00:05:00 \| 00,002,239 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004-12-01 02:22:00 \| 00,087,488 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004-11-23 01:56:00 \| 00,040,480 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004-09-17 08:02:54 \| 00,732,928 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt) DRV - [2004-08-04 04:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink) DRV - [2004-08-03 21:29:56 \| 01,897,408 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv) DRV - [2004-07-14 10:29:04 \| 00,005,627 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004-07-14 10:28:50 \| 00,023,545 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2004-06-15 21:52:40 \| 00,061,157 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53) DRV - [2004-03-05 21:15:34 \| 00,647,929 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52) DRV - [2004-03-05 21:14:42 \| 01,233,525 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51) DRV - [2004-03-05 21:13:38 \| 00,037,048 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt) DRV - [2004-02-10 14:49:14 \| 00,154,112 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) DRV - [2003-01-10 10:56:34 \| 00,030,921 \| ---- \| M] (Service & Quality Technology.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys -- (DCamUSBSQTECH) DRV - [2001-08-17 13:51:32 \| 00,018,688 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\irsir.sys -- (irsir) DRV - [2001-08-17 13:07:44 \| 00,019,072 \| ---- \| M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001-08-17 13:07:42 \| 00,030,688 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 13:07:40 \| 00,028,384 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 13:07:36 \| 00,032,640 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 13:07:34 \| 00,016,256 \| ---- \| M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001-08-17 12:57:38 \| 00,016,128 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA) DRV - [2001-08-17 12:52:22 \| 00,036,736 \| ---- \| M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001-08-17 12:52:20 \| 00,045,312 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001-08-17 12:52:20 \| 00,040,320 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001-08-17 12:52:18 \| 00,049,024 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001-08-17 12:52:16 \| 00,179,584 \| ---- \| M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 12:52:12 \| 00,017,280 \| ---- \| M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 12:52:00 \| 00,026,496 \| ---- \| M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001-08-17 12:51:58 \| 00,014,848 \| ---- \| M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001-08-17 12:51:56 \| 00,005,248 \| ---- \| M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001-08-17 12:51:54 \| 00,006,656 \| ---- \| M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 02:01:31 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-06 16:25:29 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-06 16:25:29 \| 00,000,000 \| ---D \| M] [2009-03-27 21:36:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Extensions [2008-11-22 12:47:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-03-27 21:36:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2009-11-07 21:08:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions [2009-09-02 11:16:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-09-28 11:42:07 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770} [2008-11-19 10:05:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008-11-24 00:49:25 \| 00,001,728 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\9w507ls9.default\searchplugins\aim-search.xml [2009-11-07 21:08:49 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-06 16:25:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-09-29 10:40:48 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2009-11-06 16:24:17 \| 00,023,512 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009-11-06 16:24:18 \| 00,137,176 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008-08-19 15:31:28 \| 00,098,304 \| ---- \| M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll [2009-02-23 09:45:06 \| 00,177,592 \| ---- \| M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll [2009-11-06 16:24:59 \| 00,064,984 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009-10-02 23:13:10 \| 00,095,600 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009-05-10 21:52:23 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009-05-10 21:52:24 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009-08-24 12:45:46 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009-08-24 12:45:46 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2008-12-01 10:50:26 \| 00,004,946 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml [2009-08-24 12:45:46 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009-08-24 12:45:46 \| 00,002,344 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009-08-24 12:45:46 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009-08-24 12:45:46 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009-08-24 12:45:46 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (348158 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11963 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe () O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\5.0_( File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Value error.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1136108086403 (MUWebControl Class) O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://ca.com/us/securityadvisor/virusinfo/webscan.cab (Reg Error: Value error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (Reg Error: Value error.) O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Value error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-08-10 12:04:08 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009-11-08 10:28:05 \| 00,528,896 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe [2009-11-06 23:52:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jeremy\Application Data\wsInspector [2009-11-06 23:51:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jeremy\My Documents\wsInspector [2009-11-06 23:50:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Startup Inspector for Windows [2009-11-06 23:47:58 \| 00,685,988 \| ---- \| C] (Igor Pavlov) -- C:\Documents and Settings\Jeremy\Desktop\isw2.exe [2009-11-04 11:34:53 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Jeremy\Desktop\RootRepeal.exe [2009-11-03 21:02:53 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-11-03 21:02:48 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-11-03 21:02:47 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-11-03 21:01:53 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeremy\Desktop\mbam-setup.exe [2009-11-03 20:59:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009-11-03 20:58:54 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\Jeremy\Desktop\erunt_setup.exe [2009-11-03 20:57:14 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\Jeremy\Desktop\SysRestorePoint.exe [2009-11-03 20:39:37 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\TFC.exe [2009-11-02 14:48:35 \| 00,000,000 \| RH-D \| C] -- C:\Documents and Settings\Jeremy\Recent [2009-10-26 11:57:58 \| 00,000,000 \| -HSD \| C] -- C:\Documents and Settings\Jeremy\IECompatCache [2009-10-10 12:04:14 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2008-11-30 22:41:59 \| 05,360,483 \| ---- \| C] (Console Classix ) -- C:\Documents and Settings\Jeremy\Application Data\consoleclassixsetup.exe ========== Files - Modified Within 30 Days ========== [2009-11-08 10:28:44 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\OTL.exe [2009-11-07 09:45:27 \| 00,020,003 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009-11-07 09:43:00 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-07 09:42:56 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009-11-06 23:54:19 \| 07,864,320 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\ntuser.dat [2009-11-06 23:54:19 \| 00,000,178 \| -HS- \| M] () -- C:\Documents and Settings\Jeremy\NTUSER.INI [2009-11-06 23:53:34 \| 08,577,552 \| -H-- \| M] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\IconCache.db [2009-11-06 23:50:17 \| 00,000,750 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\Startup Inspector for Windows.lnk [2009-11-06 23:48:38 \| 00,685,988 \| ---- \| M] (Igor Pavlov) -- C:\Documents and Settings\Jeremy\Desktop\isw2.exe [2009-11-06 13:34:06 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-11-04 11:36:45 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\settings.dat [2009-11-04 11:35:10 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\Jeremy\Desktop\RootRepeal.exe [2009-11-03 21:02:58 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009-11-03 21:01:54 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeremy\Desktop\mbam-setup.exe [2009-11-03 20:59:49 \| 00,000,611 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\NTREGOPT.lnk [2009-11-03 20:59:49 \| 00,000,592 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\ERUNT.lnk [2009-11-03 20:58:55 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Documents and Settings\Jeremy\Desktop\erunt_setup.exe [2009-11-03 20:57:21 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Documents and Settings\Jeremy\Desktop\SysRestorePoint.exe [2009-11-03 20:40:11 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy\Desktop\TFC.exe [2009-11-03 13:33:48 \| 00,348,158 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2009-11-02 15:07:45 \| 00,524,016 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-11-02 15:07:45 \| 00,442,466 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009-11-02 15:07:45 \| 00,071,732 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009-11-01 20:44:30 \| 00,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009-11-01 00:00:17 \| 00,000,334 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009-10-25 22:14:36 \| 00,000,386 \| ---- \| M] () -- C:\WINDOWS\tasks\SmartDefrag.job [2009-10-25 22:14:25 \| 00,000,792 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk [2009-10-22 14:56:16 \| 00,001,578 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\LimeWire 5.3.6.lnk [2009-10-22 12:26:45 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009-10-22 03:19:04 \| 05,939,712 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009-10-22 03:19:04 \| 05,939,712 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009-10-17 12:25:23 \| 00,047,288 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009-10-15 00:21:09 \| 00,000,342 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009-10-12 18:00:40 \| 00,005,493 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\Jeremy resume.doc [2009-10-09 15:30:29 \| 00,342,994 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20091103-133346.backup [2009-10-09 14:36:06 \| 00,001,548 \| ---- \| M] () -- C:\Documents and Settings\Jeremy\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2009-11-06 23:50:17 \| 00,000,750 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\Startup Inspector for Windows.lnk [2009-11-04 11:36:45 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\settings.dat [2009-11-03 21:02:58 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009-11-03 20:59:49 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\NTREGOPT.lnk [2009-11-03 20:59:49 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\ERUNT.lnk [2009-10-25 22:14:36 \| 00,000,386 \| ---- \| C] () -- C:\WINDOWS\tasks\SmartDefrag.job [2009-10-25 22:14:25 \| 00,000,792 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk [2009-10-22 14:56:16 \| 00,001,578 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\LimeWire 5.3.6.lnk [2007-12-03 20:36:54 \| 00,001,759 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007-11-23 11:58:26 \| 00,139,008 \| ---- \| C] () -- C:\WINDOWS\System32\guard32.dll [2007-09-29 18:23:52 \| 00,001,806 \| ---- \| C] () -- C:\Program Files\jpgyabbc.txt [2007-09-24 11:00:13 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\PControl.ini [2007-09-17 19:26:44 \| 00,008,396 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log [2007-06-19 21:12:15 \| 00,000,047 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2007-06-08 23:15:05 \| 00,014,336 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-05-28 14:53:52 \| 00,000,437 \| ---- \| C] () -- C:\WINDOWS\dellstat.ini [2007-05-28 14:53:03 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\dlbcvs.dll [2007-05-28 14:53:01 \| 00,000,373 \| ---- \| C] () -- C:\WINDOWS\System32\dlbccoin.ini [2007-05-19 22:18:30 \| 00,001,473 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2007-02-06 19:59:34 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2006-08-28 18:19:39 \| 00,000,129 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\fusioncache.dat [2006-07-06 23:49:48 \| 00,000,022 \| ---- \| C] () -- C:\WINDOWS\kodakpcd.Jeremy.ini [2006-06-29 13:58:52 \| 00,030,808 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006-06-29 13:53:56 \| 00,026,489 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006-04-18 14:39:28 \| 00,029,779 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006-04-18 14:39:28 \| 00,026,040 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2005-09-23 13:28:00 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005-06-21 17:28:53 \| 00,061,678 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Application Data\PFP120JPR.{PB [2005-06-21 17:28:53 \| 00,012,358 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Application Data\PFP120JCM.{PB [2005-06-15 11:41:47 \| 00,047,288 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005-05-23 16:01:26 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Jeremy\Application Data\DESKTOP.INI [2005-05-23 16:01:23 \| 08,577,552 \| -H-- \| C] () -- C:\Documents and Settings\Jeremy\Local Settings\Application Data\IconCache.db [2005-05-19 09:11:42 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005-05-19 09:03:44 \| 00,000,000 \| -H-- \| C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat [2005-05-19 09:02:58 \| 00,000,818 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005-05-19 08:24:18 \| 00,000,370 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005-03-01 15:30:20 \| 00,000,453 \| ---- \| C] () -- C:\WINDOWS\bdoscandellang.ini [2005-01-28 07:08:34 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2004-08-10 12:13:12 \| 00,000,780 \| ---- \| C] () -- C:\WINDOWS\ORUN32.INI [2004-08-10 12:04:08 \| 00,000,576 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2004-08-10 11:57:52 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004-08-10 11:57:42 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2004-08-04 04:00:00 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\FXSPERF.INI [2004-07-10 18:55:38 \| 00,252,416 \| ---- \| C] () -- C:\WINDOWS\System32\wsiShared.dll [1979-12-31 23:00:00 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2007-08-21 20:08:07 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2007-01-14 17:38:41 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\CA [2008-11-29 20:22:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Comcast [2007-05-28 14:59:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720 [2009-06-03 14:38:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DriverCure [2009-03-19 15:05:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2008-11-22 12:31:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008-12-11 15:46:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007-09-29 14:53:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\YAHOO [2009-05-10 21:58:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009-03-23 22:20:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Azureus [2009-10-09 19:27:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\CallingID [2009-09-28 12:59:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\comcasttb [2007-05-28 15:03:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Corel [2009-05-19 15:49:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\DriverCure [2007-03-04 23:23:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\funkitron [2009-11-03 14:10:18 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\ICAClient [2009-06-09 17:17:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\IObit [2005-05-23 17:18:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Leadertech [2008-10-11 21:38:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\MSNInstaller [2009-07-19 11:16:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Musicmatch [2007-07-11 21:59:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Uniblue [2007-08-13 23:24:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Viewpoint [2009-11-06 23:52:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\wsInspector [2004-08-04 04:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009-10-15 00:21:09 \| 00,000,342 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009-11-01 00:00:17 \| 00,000,334 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009-11-07 09:43:00 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-10-25 22:14:36 \| 00,000,386 \| ---- \| M] () -- C:\WINDOWS\Tasks\SmartDefrag.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\i_plugins.txt:SummaryInformation < End of report >

Tweene View Member Profile	Nov 8 2009, 03:16 PM Post #5
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Hi Are you getting help in an other forum ?

babybearfan View Member Profile	Nov 8 2009, 05:01 PM Post #6
Member Posts: 14 OS: Windows XP	No, this is it.

Tweene View Member Profile	Nov 9 2009, 03:53 PM Post #7
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Hello From your log, I see nothing really nasty. Maybe disabling some items from startup will help you. Before that, let's verify one or two things. Quick heads-up for you before we continue : I see some P2P software, so I'll give you my speech about them You are using peer-to-peer programs, specifically LimeWire and Azureus. These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection. The choice to remove them is entirely up to you, but I would strongly recommend that you do. If you want assistance removing this, please let me know. All I ask is that you do not use your P2P programs while we are fixing your problem. An article about the dangers of P2O can be found here. Step 1 Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack. Please go to the link below to update. http://www.adobe.com/products/acrobat/readstep2.html Step 2 Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No CLSID value found. [2008-12-11 15:46:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007-08-13 23:24:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Viewpoint :Commands [purity] [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the log Step 3 Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: CODE :contents C:\Program Files\jpgyabbc.txt Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt Note : the file could be big, so just paste here the first 20 lines please. Step 4 Please post the OTL log from the second step with the systemlook log from the third step

babybearfan View Member Profile	Nov 9 2009, 09:07 PM Post #8
Member Posts: 14 OS: Windows XP	Here are the logs. And by the way, I have gotten rid of limewire and thought I got rid of Azurus a long time ago but I guess not. What more do I need to do there? All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E}\ not found. File move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\ scheduled to be moved on reboot. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Application Data User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jeremy ->Temp folder emptied: 77691 bytes ->Temporary Internet Files folder emptied: 1371763 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 39622680 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 34539 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 499925 bytes User: Tiffany ->Temp folder emptied: 65536 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 38028469 bytes RecycleBin emptied: 5314211 bytes Total Files Cleaned = 81.11 mb OTL by OldTimer - Version 3.1.4.0 log created on 11092009_194913 Files\Folders moved on Reboot... Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\\AxMetaStream_Win scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\ scheduled to be moved on reboot. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\Viewpoint Experience Technology\Resources folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\Viewpoint Experience Technology folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\ViewBarV35\Thumbnails folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\ViewBarV35 folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\ViewBar\Thumbnails folder moved successfully. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\\ViewBar folder moved successfully. Folder move failed. C:\Documents and Settings\Jeremy\Application Data\Viewpoint\ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Tiffany\Local Settings\Temp\hsperfdata_Tiffany\1664 scheduled to be moved on reboot. Registry entries deleted on Reboot... SystemLook v1.0 by jpshortstuff (29.08.09) Log created at 20:55 on 09/11/2009 by Jeremy (Administrator - Elevation successful) ========== contents ========== C:\Program Files\jpgyabbc.txt - Opened succesfully. Files to delete: C:\Documents and Settings\Tiffany\Local Settings\Temp\WinAntiSpyware2007Setup.exe C:\Documents and Settings\Tiffany\Local Settings\Temporary Internet Files\Content.IE5\TAR1017H\YazzleBundle-1549[1].exe C:\WINDOWS\Downloaded Program Files\installer.exe C:\WINDOWS\system32\awvvt.dll C:\WINDOWS\system32\hggecby.dll C:\WINDOWS\ymbhutrA.exe C:\WINDOWS\Downloaded Program Files\vet.da1 C:\WINDOWS\SYSTEM32\fgjlm.bak1 C:\WINDOWS\SYSTEM32\fhhkj.bak1 C:\WINDOWS\SYSTEM32\fhhkj.bak2 C:\WINDOWS\SYSTEM32\fhhkj.tmp C:\WINDOWS\SYSTEM32\fgjlm.ini C:\WINDOWS\SYSTEM32\fhhkj.ini Folders to delete: C:\Program Files\Yahoo!\YPSR\Quarantine C:\VundoFix Backup C:\qoobox C:\Documents and Settings\Jeremy\Application Data\Sunbelt Software C:\Program Files\Sunbelt Software C:\WINDOWS\SYSTEM32\cofig32 C:\WINDOWS\SYSTEM32\dllz1 C:\WINDOWS\SYSTEM32\IBD4 C:\WINDOWS\SYSTEM32\temps1 -=End Of File=- your patience with me has been and will always be greatly appreciated. Thank you This post has been edited by babybearfan: Nov 9 2009, 10:37 PM

Tweene View Member Profile	Nov 11 2009, 04:33 PM Post #9
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Hello QUOTE (babybearfan @ Nov 10 2009, 04:07 AM) your patience with me has been and will always be greatly appreciated. Thank you You're welcome. Ok, in this post, we will clean a "little more" and run some general scans to clear out the remnants and ensure nothing else sneaked onto your machine. Step 1 Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL [2009-10-22 14:56:16 \| 00,001,578 \| ---- \| C] () -- C:\Documents and Settings\Jeremy\Desktop\LimeWire 5.3.6.lnk [2007-08-21 20:08:07 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2008-12-11 15:46:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009-03-23 22:20:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Azureus [2007-08-13 23:24:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jeremy\Application Data\Viewpoint [2007-09-29 18:23:52 \| 00,001,806 \| ---- \| C] () -- C:\Program Files\jpgyabbc.txt :Commands [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the log Step 2 You have used Malwarebytes before. If you still have it on your machine please update and run a Quick Scan. Post the scan report back here. If you no-longer have Malwarebytes, please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Step 3 Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Step 4 Logs are looking better, let's run some deeper scans to see if there is anything else. Using Internet Explorer or Firefox, visit Kaspersky Online Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs. 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download. Once the update is complete, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, adware, dialers, and other riskware Archives E-mail databases Click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View report... at the bottom. Click the Save report... button. Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply Step 5 Things I'd like to see in your next reply - OTL log from the first step, - Malwarebyte from the second step, - Kaspersky log from the fourth step.

babybearfan View Member Profile	Nov 12 2009, 10:11 PM Post #10
Member Posts: 14 OS: Windows XP	OK, here are the logs. All processes killed ========== OTL ========== File C:\Documents and Settings\Jeremy\Desktop\LimeWire 5.3.6.lnk not found. File move failed. C:\Documents and Settings\All Users\Application Data\Azureus\ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\ scheduled to be moved on reboot. Folder C:\Documents and Settings\Jeremy\Application Data\Azureus\ not found. Folder C:\Documents and Settings\Jeremy\Application Data\Viewpoint\ not found. C:\Program Files\jpgyabbc.txt moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Application Data User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jeremy ->Temp folder emptied: 2006 bytes ->Temporary Internet Files folder emptied: 41917 bytes ->Java cache emptied: 200118 bytes ->FireFox cache emptied: 37394009 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 34540 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Tiffany ->Temp folder emptied: 65536 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 25443360 bytes RecycleBin emptied: 454546261 bytes Total Files Cleaned = 493.74 mb OTL by OldTimer - Version 3.1.4.0 log created on 11112009_180106 Files\Folders moved on Reboot... Folder move failed. C:\Documents and Settings\All Users\Application Data\Azureus\ scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\\AxMetaStream_Win scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Tiffany\Local Settings\Temp\hsperfdata_Tiffany\1664 scheduled to be moved on reboot. Registry entries deleted on Reboot... Malwarebytes' Anti-Malware 1.41 Database version: 3097 Windows 5.1.2600 Service Pack 3 2009-11-11 20:04:15 mbam-log-2009-11-11 (20-04-15).txt Scan type: Quick Scan Objects scanned: 117077 Time elapsed: 30 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, November 12, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, November 12, 2009 13:43:02 Records in database: 3195210 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 68361 Threats found: 8 Infected objects found: 14 Suspicious objects found: 0 Scan duration: 08:33:52 File name / Threat / Threats count C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\3e021ed8-5d2341c6.bac_a00176 Infected: Trojan.Java.ClassLoader.i 1 C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\3e021ed8-5d2341c6.bac_a00176 Infected: Trojan.Java.ClassLoader.k 2 C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\arr3.jar-53b20018-66711a79.zip.bac_a00176 Infected: Trojan.Java.ClassLoader.i 1 C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\arr3.jar-53b20018-66711a79.zip.bac_a00176 Infected: Trojan.Java.ClassLoader.k 2 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\billy idol storyteller (unplugged version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\Britney Spears - Rebellion.mp3 Infected: Trojan-Downloader.WMA.GetCodec.z 1 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\Brooks & Dunn - Hurt Train.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\perfect doria roberts.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\stand up god des she.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\still frankie j.wma Infected: Trojan-Downloader.WMA.GetCodec.x 1 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\ti justintimberlake.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1 C:\MGtools9x.exe Infected: Trojan-Dropper.Win32.Agent.aocn 1 Selected area has been scanned. Thanks

Tweene View Member Profile	Nov 13 2009, 12:53 AM Post #11
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Hello QUOTE (Tweene @ Nov 9 2009, 10:53 PM) You are using peer-to-peer programs, specifically LimeWire and Azureus. These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection. You have downloaded some infected mp3, we will delete them. Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :Files C:\Documents and Settings\All Users\Application Data\Azureus C:\Documents and Settings\All Users\Application Data\Viewpoint C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\3e021ed8-5d2341c6.bac_a00176 C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\3e021ed8-5d2341c6.bac_a00176 C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\arr3.jar-53b20018-66711a79.zip.bac_a00176 C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\arr3.jar-53b20018-66711a79.zip.bac_a00176 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\billy idol storyteller (unplugged version).mp3 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\Britney Spears - Rebellion.mp3 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\Brooks & Dunn - Hurt Train.mp3 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\perfect doria roberts.mp3 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\stand up god des she.mp3 C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\still frankie j.wma C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\ti justintimberlake.mp3 C:\MGtools9x.exe :Commands [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the log

babybearfan View Member Profile	Nov 13 2009, 12:43 PM Post #12
Member Posts: 14 OS: Windows XP	Here is the new log All processes killed ========== FILES ========== C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint scheduled to be moved on reboot. C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\3e021ed8-5d2341c6.bac_a00176 moved successfully. File\Folder C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\3e021ed8-5d2341c6.bac_a00176 not found. C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\arr3.jar-53b20018-66711a79.zip.bac_a00176 moved successfully. File\Folder C:\Documents and Settings\Jeremy\.housecall6.6\Quarantine\arr3.jar-53b20018-66711a79.zip.bac_a00176 not found. C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\billy idol storyteller (unplugged version).mp3 moved successfully. C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\Britney Spears - Rebellion.mp3 moved successfully. C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\Brooks & Dunn - Hurt Train.mp3 moved successfully. File\Folder C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\perfect doria roberts.mp3 not found. File\Folder C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\stand up god des she.mp3 not found. C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\still frankie j.wma moved successfully. C:\Documents and Settings\Jeremy\My Documents\LimeWire\Saved\ti justintimberlake.mp3 moved successfully. C:\MGtools9x.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Application Data User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jeremy ->Temp folder emptied: 96625082 bytes ->Temporary Internet Files folder emptied: 5874943 bytes ->Java cache emptied: 14085874 bytes ->FireFox cache emptied: 39295480 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 34540 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Tiffany ->Temp folder emptied: 65536 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 12838746 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23923440 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 183.85 mb OTL by OldTimer - Version 3.1.5.0 log created on 11132009_122503 Files\Folders moved on Reboot... Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\All Users\Application Data\Viewpoint scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Tiffany\Local Settings\Temp\hsperfdata_Tiffany\1664 scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\mcmsc_g0oi2yf9jQguIde not found! Registry entries deleted on Reboot... My MacAfee keeps finding a trojan named Artemis! everytime it does a scheduled scan in the OTL.exe and another file referred to as A0069281.exe. Is this normal? Location C:\SYSTEM VOLUME INFORMATION\_RESTORE {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP595 Item C:\SYSTEM VOLUME INFORMATION\_RESTORE {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP595\A0069281.EXE and Location C:\DOCUMENTS AND SETTINGS\JEREMY\DESKTOP Item C:\DOCUMENTS AND SETTINGS\JEREMY\DESKTOP\OTL.EXE I also had to re-download OTL to run it again. thanks This post has been edited by babybearfan: Nov 13 2009, 10:53 PM

Tweene View Member Profile	Nov 14 2009, 05:55 PM Post #13
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Hello See if you can manually delete this folder in bold : C:\Documents and Settings\All Users\Application Data\Viewpoint Please give me some news about the current situation of your computer.

babybearfan View Member Profile	Nov 14 2009, 06:23 PM Post #14
Member Posts: 14 OS: Windows XP	It was running considerably better after removing infected files found by the Kaspersky scanner, but seems to be slowing again. Would not let me manually remove C:\Documents and Settings\All Users\Application Data\Viewpoint. error message as follows: Cannot delete AxMetaStream_Win: access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use. This post has been edited by babybearfan: Nov 14 2009, 06:24 PM

Tweene View Member Profile	Nov 14 2009, 07:40 PM Post #15
Trusted Helper Posts: 1,224 From: Near my bed OS: XP - Vista	Ok, and in safe mode ?

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Malware and Spyware Cleaning Guide	0 / 2,131,863	19th August 2007 - 07:38 PM admin started - last by admin
Virus, Spyware and Trojan Removal SysRestorePoint.exe error - Malware and Spyware Cleaning Guide [Solved	8 / 1,866	28th July 2009 - 09:54 PM tommy_ started - last by JSntgRvr
Virus, Spyware and Trojan Removal Help with Step one of Malware and Spyware Cleaning Guide	1 / 1,041	28th July 2009 - 03:21 PM lfunfsinn started - last by lfunfsinn
Virus, Spyware and Trojan Removal Malware and Spyware Cleaning Guide [Solved]	5 / 1,280	5th September 2009 - 04:50 PM klacroix413 started - last by Transience