Unable to do much of anything... [Solved]


  • This topic is locked

#1
Wafflemonger

  • Member
  • 548 posts
First off, this is my brother's computer. Alright, well, I read the topic on how to post this, but I can only post one log and run one file out of all the ones posted. I am unable to go to any website related to security (including microsoft.com) and I cannot update MBAM or install Spybot S&D; it's not a firewall setting or anything like that. OTL was the only thing that would run:

OTL logfile created on: 6/9/2009 5:23:16 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

375.49 Mb Total Physical Memory | 73.30 Mb Available Physical Memory | 19.52% Memory free
791.41 Mb Paging File | 415.43 Mb Available in Paging File | 52.49% Paging File free
Paging file location(s): C:\pagefile.sys 450 850 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 34.52 Gb Free Space | 30.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Janet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Documents and Settings\Janet\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (sp_rssrv [Auto | Running]) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (UxTuneUp [Auto | Running]) -- C:\windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\windows\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\windows\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\windows\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (als4k [On_Demand | Running]) -- C:\windows\system32\drivers\als4000.sys (Avance Logic, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\windows\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Belkin700F [On_Demand | Running]) -- C:\windows\system32\DRIVERS\BLKWGDv7.sys (Belkin Corporation. )
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\windows\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\windows\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (gameenum [On_Demand | Running]) -- C:\windows\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (ialm [On_Demand | Running]) -- C:\windows\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\windows\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MR97310_VGA_DUAL_CAMERA [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\mr97310v.sys (Mars Semiconductor Corp.)
DRV - (pcouffin [On_Demand | Running]) -- C:\windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\windows\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\windows\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SjyPkt [On_Demand | Stopped]) -- C:\windows\System32\Drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (StreamDispatcher [Auto | Running]) -- C:\windows\system32\DRIVERS\strmdisp.sys (Conexant Systems)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (winachsf [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60314

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "BTJunkie"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/06/09 01:09:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/05 17:42:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/05 17:50:58 | 00,000,000 | ---D | M]

[2009/05/02 12:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Extensions
[2008/09/01 22:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 12:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Extensions\[email protected]
[2009/06/09 03:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions
[2009/05/26 18:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}
[2008/06/13 12:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/08 19:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/05 18:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/26 18:12:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009/05/15 22:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/06/09 03:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/05 18:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/27 10:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/05 16:58:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\[email protected]
[2009/06/05 18:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\[email protected]
[2009/06/05 18:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\staged-xpis
[2009/05/08 17:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\mozilla\Firefox\Profiles\hy3bgs4j.default\extensions\[email protected]
[2009/06/09 01:09:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/07/15 19:08:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/05 17:42:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/09 01:09:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" (Crawler.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Janet\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokeso...1450/MILive.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{224DB87C-7EB2-4B6D-B59B-21505DD132B7}\\NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2EF95E58-21C5-4B66-9B9D-15E45934737D}\\NameServer = 85.255.112.98,85.255.112.137
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4bbc1b5a-394d-11dc-b3f8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4bbc1b5a-394d-11dc-b3f8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 17:21:57 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Janet\My Documents\*.tmp files]
[2009/06/09 17:21:57 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2009/06/09 17:20:55 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/06/09 17:20:45 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Janet\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/09 17:20:40 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\ERUNT.lnk
[2009/06/09 17:20:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/09 17:20:00 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Janet\Desktop\erunt_setup.exe
[2009/06/09 17:07:40 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/09 17:07:23 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\Rooter.exe
[2009/06/09 16:58:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Malwarebytes
[2009/06/09 16:58:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/06/09 16:58:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/09 16:58:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/06/09 16:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/09 16:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/09 16:50:40 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\HijackThis.lnk
[2009/06/09 16:50:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/09 16:48:04 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\SpywareBlaster.lnk
[2009/06/09 16:47:57 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/06/09 16:41:35 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Janet\Desktop\spybotsd162.exe
[2009/06/09 16:32:21 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Janet\Desktop\spywareblastersetup42.exe
[2009/06/09 16:31:14 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup.exe
[2009/06/09 16:30:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Janet\Desktop\HJTInstall.exe
[2009/06/09 02:58:09 | 00,604,416 | ---- | C] (TuneUp Software) -- C:\windows\System32\TUProgSt.exe
[2009/06/09 02:58:05 | 00,028,928 | ---- | C] (TuneUp Software) -- C:\windows\System32\uxtuneup.dll
[2009/06/09 02:58:02 | 00,361,216 | ---- | C] (TuneUp Software) -- C:\windows\System32\TuneUpDefragService.exe
[2009/06/09 02:57:58 | 00,000,486 | ---- | C] () -- C:\windows\tasks\1-Click Maintenance.job
[2009/06/09 02:57:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\TuneUp Software
[2009/06/09 02:57:12 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/06/09 02:57:11 | 00,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/06/09 02:56:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/09 02:56:16 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/06/09 02:55:25 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/06/09 02:54:17 | 17,777,408 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Janet\Desktop\TU2009TrialEN-US.exe
[2009/06/09 01:25:08 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/09 01:25:07 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswRdr.sys
[2009/06/09 01:25:06 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswTdi.sys
[2009/06/09 01:25:05 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aavmker4.sys
[2009/06/09 01:25:02 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\windows\System32\AvastSS.scr
[2009/06/09 01:25:00 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswSP.sys
[2009/06/09 01:25:00 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswmon2.sys
[2009/06/09 01:25:00 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswmon.sys
[2009/06/09 01:25:00 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2009/06/09 01:24:23 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\windows\System32\aswBoot.exe
[2009/06/09 01:24:23 | 00,380,928 | ---- | C] () -- C:\windows\System32\actskin4.ocx
[2009/06/09 01:24:19 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/06/09 01:20:21 | 35,272,712 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\setupeng.exe
[2009/06/09 01:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/06/09 00:04:50 | 00,079,360 | ---- | C] () -- C:\windows\System32\drivers\MSIVXserv.sys
[2009/06/08 23:56:45 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2009/06/08 23:56:44 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/06/08 23:56:42 | 00,000,262 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/08 23:56:09 | 03,196,328 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2009/06/08 23:55:30 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\SwiftKit.lnk
[2009/06/08 23:54:22 | 03,630,342 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\SwiftKit(Install).exe
[2009/06/08 23:53:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\TeamViewer
[2009/06/08 23:53:23 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/06/08 23:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/06/08 23:52:24 | 02,024,544 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\TeamViewer_Setup.exe
[2009/06/06 13:16:55 | 00,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2009/06/06 13:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2009/06/06 13:15:39 | 00,141,016 | ---- | C] () -- C:\windows\System32\alsndmgr.wav
[2009/06/06 13:15:36 | 00,147,456 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2009/06/06 13:09:00 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\CCleaner.lnk
[2009/06/06 13:07:34 | 03,247,736 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup220.exe
[2009/06/06 12:17:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Desktop\Media Players
[2009/06/05 17:42:23 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/31 16:53:40 | 00,000,566 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\Shortcut to Charlaine Harris.lnk
[2009/05/27 10:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/05/27 10:03:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\DNA
[2009/05/25 18:48:53 | 19,387,336 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\Janet\My Documents\DivXInstaller.exe
[2009/05/25 18:34:08 | 00,000,000 | ---D | C] -- C:\divx
[2009/05/25 17:38:02 | 00,028,673 | ---- | C] () -- C:\windows\System32\gxvxcwfnsnmxxkjuelixjynbnskoosneyfcah.dll
[2009/05/25 17:38:02 | 00,000,004 | ---- | C] () -- C:\windows\System32\gxvxccount
[2009/05/25 17:37:31 | 00,000,270 | -H-- | C] () -- C:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/25 17:37:03 | 00,092,585 | ---- | C] () -- C:\Documents and Settings\Janet\My Documents\Media_Player_11_Plugin_2.3.exe
[2009/05/25 17:29:01 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsg.dll
[2009/05/25 17:21:19 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Janet\My Documents\wmp11-windowsxp-x86-enu.exe
[2009/05/25 17:04:49 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2009/05/24 19:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\DivX
[2009/05/24 19:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Media Player Classic
[2009/05/24 19:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2009/05/24 19:02:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/24 18:32:47 | 00,000,000 | -H-D | C] -- C:\windows\PIF
[2009/05/24 16:29:33 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Janet\My Documents\Survey Companies for Fern.doc
[2009/05/24 13:54:05 | 00,000,000 | ---D | C] -- C:\Temp
[2009/05/24 13:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2009/05/23 00:34:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\dvdcss
[2009/05/23 00:34:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\vlc
[2009/05/23 00:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/05/21 22:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/05/21 17:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/20 15:36:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/20 14:23:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/05/20 14:17:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/05/20 14:17:29 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/05/20 13:34:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/19 21:16:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Eyewitness News Alert
[2009/05/17 14:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\My Documents\My Library
[2009/05/17 14:25:56 | 00,057,436 | ---- | C] (Microsoft Corporation) -- C:\windows\DASShp.dll
[2009/05/17 14:25:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Reader
[2009/05/17 14:25:01 | 03,759,800 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Janet\My Documents\MSReaderSetupUSA.exe
[2009/05/17 13:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\My Documents\Azureus Downloads
[2009/05/17 12:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Azureus
[2009/05/17 12:48:15 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/05/17 12:24:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/17 09:22:36 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\µTorrent.lnk
[2009/05/17 09:22:36 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/05/17 09:21:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\uTorrent
[2009/05/17 09:21:33 | 00,274,224 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Janet\My Documents\utorrent.exe
[2009/05/15 22:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/15 22:28:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/05/15 22:28:46 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/05/06 12:06:58 | 00,000,000 | ---- | C] () -- C:\windows\System32\MSVolume.dll
[2009/03/03 20:47:42 | 00,003,120 | ---- | C] () -- C:\windows\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2008/04/29 13:56:05 | 00,000,110 | ---- | C] () -- C:\windows\System32\ftdiun2k.ini
[2008/02/27 13:00:27 | 00,141,312 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2008/01/06 18:41:01 | 00,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
[2007/12/29 17:56:46 | 00,000,067 | ---- | C] () -- C:\windows\DVDRegionFree.INI
[2007/12/18 13:32:55 | 00,000,014 | ---- | C] () -- C:\windows\System32\SysEngine2.SYS
[2007/12/14 13:22:49 | 00,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2007/11/18 11:23:44 | 00,000,122 | ---- | C] () -- C:\windows\_vmtxp.ini
[2007/11/10 09:49:16 | 02,255,360 | ---- | C] () -- C:\windows\System32\libavcodec.dll
[2007/11/10 09:49:16 | 00,395,776 | ---- | C] () -- C:\windows\System32\libmplayer.dll
[2007/11/10 09:49:16 | 00,262,144 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2007/11/10 09:49:16 | 00,112,640 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2007/11/03 15:41:39 | 00,000,073 | ---- | C] () -- C:\windows\FSaver.ini
[2007/11/03 15:41:38 | 00,000,106 | ---- | C] () -- C:\windows\Guinea Pigs Club 03.ini
[2007/10/22 13:04:26 | 00,000,014 | ---- | C] () -- C:\windows\System32\systeminfo3.dll
[2007/10/17 13:15:42 | 00,000,031 | -H-- | C] () -- C:\windows\UKCpInfo.sys
[2007/09/12 16:35:19 | 00,000,000 | ---- | C] () -- C:\windows\pcfriend.INI
[2007/08/16 11:36:53 | 00,000,096 | ---- | C] () -- C:\windows\marscam.ini
[2007/08/04 17:09:37 | 00,000,082 | ---- | C] () -- C:\windows\MPLAYER.INI
[2007/07/26 10:59:00 | 00,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007/07/24 09:56:02 | 00,012,409 | R--- | C] () -- C:\windows\System32\drivers\string.ini
[2007/07/23 14:53:37 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2007/03/27 11:45:22 | 00,004,096 | ---- | C] () -- C:\windows\System32\sysres.dll
[2001/10/12 10:58:20 | 00,028,672 | ---- | C] () -- C:\windows\System32\mr310exd.dll
[2001/10/12 10:57:18 | 00,036,864 | ---- | C] () -- C:\windows\System32\mr310exv.dll
[2001/08/23 08:00:00 | 00,000,665 | ---- | C] () -- C:\windows\win.ini
[2001/08/23 08:00:00 | 00,000,257 | ---- | C] () -- C:\windows\system.ini
[2000/12/07 10:13:58 | 00,015,164 | ---- | C] () -- C:\windows\Mr310twv.ini

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[5 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Janet\My Documents\*.tmp files]
[2009/06/09 17:24:23 | 00,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{06206F48-BC9B-451C-B31E-EC15954979E3}.job
[2009/06/09 17:22:04 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2009/06/09 17:20:45 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Janet\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/09 17:20:40 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\ERUNT.lnk
[2009/06/09 17:20:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Janet\Desktop\erunt_setup.exe
[2009/06/09 17:00:15 | 00,000,486 | ---- | M] () -- C:\windows\tasks\1-Click Maintenance.job
[2009/06/09 17:00:01 | 00,000,270 | -H-- | M] () -- C:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/09 16:58:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/09 16:50:40 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\HijackThis.lnk
[2009/06/09 16:48:04 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\SpywareBlaster.lnk
[2009/06/09 08:06:38 | 00,013,002 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/06/09 08:06:05 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/06/09 08:05:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Janet\Local Settings\desktop.ini
[2009/06/09 08:05:02 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/06/09 02:58:09 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\windows\System32\TUProgSt.exe
[2009/06/09 02:58:03 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\windows\System32\TuneUpDefragService.exe
[2009/06/09 02:57:12 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/06/09 02:57:11 | 00,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/06/09 02:55:19 | 17,777,408 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Janet\Desktop\TU2009TrialEN-US.exe
[2009/06/09 01:51:28 | 00,000,004 | ---- | M] () -- C:\windows\System32\gxvxccount
[2009/06/09 01:25:08 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/09 01:25:00 | 00,002,626 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2009/06/09 01:23:06 | 35,272,712 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\setupeng.exe
[2009/06/08 23:56:47 | 00,000,262 | ---- | M] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/08 23:56:45 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2009/06/08 23:56:22 | 03,196,328 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2009/06/08 23:55:30 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\SwiftKit.lnk
[2009/06/08 23:54:37 | 03,630,342 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\SwiftKit(Install).exe
[2009/06/08 23:53:23 | 00,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/06/08 23:52:30 | 02,024,544 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\TeamViewer_Setup.exe
[2009/06/06 14:26:17 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/06/06 13:09:00 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\CCleaner.lnk
[2009/06/05 17:42:23 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/31 16:53:41 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\Shortcut to Charlaine Harris.lnk
[2009/05/28 20:12:46 | 00,111,104 | ---- | M] () -- C:\Documents and Settings\Janet\My Documents\DVD Database.xls
[2009/05/27 20:56:41 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\Rooter.exe
[2009/05/25 18:48:59 | 19,387,336 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Janet\My Documents\DivXInstaller.exe
[2009/05/25 17:38:02 | 00,028,673 | ---- | M] () -- C:\windows\System32\gxvxcwfnsnmxxkjuelixjynbnskoosneyfcah.dll
[2009/05/25 17:28:16 | 00,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
[2009/05/25 17:28:15 | 00,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
[2009/05/25 17:21:28 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Janet\My Documents\wmp11-windowsxp-x86-enu.exe
[2009/05/24 16:29:56 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Janet\My Documents\Survey Companies for Fern.doc
[2009/05/24 16:18:17 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\Microsoft Word.lnk
[2009/05/17 15:14:12 | 00,124,520 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/05/17 14:25:24 | 03,759,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Janet\My Documents\MSReaderSetupUSA.exe
[2009/05/17 09:22:36 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\µTorrent.lnk
[2009/05/17 09:21:40 | 00,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Janet\My Documents\utorrent.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 6598 bytes -> C:\Documents and Settings\Janet\Desktop\My Yahoo!.url:favicon
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BDE1AA6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

While scanning the "Modified within 30 days" two viruses from avast came up:
(These are in the chest)

Virus has been detected!
File Name: Media_Player_11_Plugin_2.3.exe
FileID: 5
Virus Description: Win32:Jifas-BA [Trj]

Virus has been detected!
File Name: MSIVXserv.sys
FileID: 4
Virus Description: Win32:Alureon-BQ [Rtk]

I also ran a scan with avast after posting this; it found these:

File Name: C:\Documents and Settings\All Users\Documents\27 dresses dvd movie 2008 full.mpg
Malware Name: WMA:Wimad [Drp]
Malware Type: Dropper

File Name: C:\Documents and Settings\All Users\Documents\My Videos\03 Track 3.wma
Malware Name: WMA:Wimad [Drp]
Malware Type: Dropper

After about 10 minutes and it was at 4% complete, avast froze and I had to restart the computer as it completely locked up.

Edited by Wafflemonger, 09 June 2009 - 03:56 PM.

  • 0



#2
SpySentinel


    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Wafflemonger,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Step #1

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{4bbc1b5a-394d-11dc-b3f8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4bbc1b5a-394d-11dc-b3f8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    
    :Files
    C:\windows\System32\gxvxcwfnsnmxxkjuelixjynbnskoosneyfcah.dll
    C:\windows\System32\gxvxccount
    C:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    C:\windows\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
    C:\windows\System32\MSVolume.dll
    C:\windows\System32\systeminfo3.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


Step #2

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  • 0

#3
Wafflemonger


    Member

  • Topic Starter
  • Member
  • 548 posts
I'm unable to install the Windows Recovery Console because it won't connect to the Microsoft site...and I can't download ComboFix, and if I try to transfer it from a USB it refuses to run, saying it wasn't downloaded from bleepingcomputer etc., and it uninstalls itself...saying to redownload from the proper site, but I can't get to those sites because it redirects to Google...However, I did do step 1.

Edited by Wafflemonger, 12 June 2009 - 07:30 PM.

  • 0

#4
SpySentinel


    R.I.P.

  • Retired Staff
  • 5,152 posts
You said you installed Malwarebytes, correct?

Go ahead and run a scan and post the log here in a reply.
  • 0

#5
Wafflemonger


    Member

  • Topic Starter
  • Member
  • 548 posts
Right, well, I transferred it through TeamViewer and I got the ComboFix log; however, the recovery thing couldn't install because it wouldn't let it.

ComboFix 09-06-12.02 - Janet 06/12/2009 21:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.375.140 [GMT -4:00]
Running from: c:\documents and settings\Janet\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090612-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Janet\Application Data\SpamBlocker
c:\windows\Downloaded Program Files\MyWebEx
c:\documents and settings\Janet\Application Data\inst.exe
c:\documents and settings\Janet\Favorites\Download programs.url
c:\documents and settings\Janet\Favorites\Translator.url
c:\documents and settings\Janet\Favorites\Videos.url
c:\documents and settings\Janet\Start Menu\Programs\Download programs.url
c:\program files\\setup.exe
c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcwfnsnmxxkjuelixjynbnskoosneyfcah.dll
c:\windows\system32\MSVolume.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GXVXCSERV.SYS
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-12 22:34 . 2009-06-12 22:34 -------- dc----w- C:\_OTL
2009-06-12 21:49 . 2009-06-12 21:49 -------- dc----w- c:\documents and settings\Janet\Application Data\COWON
2009-06-12 21:13 . 2009-06-12 21:14 -------- d-----w- c:\program files\Common Files\COWON
2009-06-12 21:13 . 2009-06-12 21:14 -------- d-----w- c:\program files\JetAudio
2009-06-12 21:10 . 2009-06-12 21:10 27214270 ----a-w- c:\program files\JAD7_BASIC.exe
2009-06-12 16:03 . 2009-06-12 16:11 28752673 ----a-w- c:\program files\SUPERsetup.exe
2009-06-12 15:30 . 2009-06-12 15:30 18722404 ----a-w- c:\program files\vlc-1.0.0-rc3-win32.exe
2009-06-12 15:24 . 2009-06-12 15:24 288048 ----a-w- c:\program files\utorrent-1.8.3-beta-15619.upx.exe
2009-06-12 15:02 . 2009-06-12 15:02 10315456 ----a-w- c:\program files\GoogleEarth-Win-Plus-5.0.11733.9347.exe
2009-06-12 14:53 . 2009-06-12 14:55 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Preview
2009-06-12 14:39 . 2009-06-12 14:39 8031944 ----a-w- c:\program files\Firefox Setup 3.5 Beta 99.exe
2009-06-12 14:24 . 2009-06-12 14:25 -------- d-----w- c:\program files\Crawler
2009-06-12 14:17 . 2009-06-12 14:17 646872 ----a-w- c:\program files\SpywareTerminatorSetup.exe
2009-06-12 14:13 . 2009-06-12 14:14 7658448 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-12 12:39 . 2009-06-12 12:39 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-12 12:37 . 2009-06-12 15:21 18871696 ----a-w- c:\program files\LimeWireWin.exe
2009-06-12 12:35 . 2009-06-12 12:35 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-06-12 12:33 . 2009-06-12 12:33 7545512 ----a-w- c:\program files\Firefox Setup 3.0.11.exe
2009-06-12 12:31 . 2009-06-12 12:30 38208 ----a-w- c:\documents and settings\Janet\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-12 12:30 . 2009-06-12 12:30 15739760 ----a-w- c:\program files\AdobeAIRInstaller.exe
2009-06-12 12:28 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-12 12:26 . 2009-06-12 12:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-12 12:26 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-12 12:25 . 2009-06-12 12:25 -------- d-----w- c:\program files\Lavasoft
2009-06-12 12:22 . 2009-06-12 12:23 37452296 ----a-w- c:\program files\Ad-AwareAE.exe
2009-06-12 12:14 . 2009-06-12 12:14 -------- d-----w- c:\program files\filehippo.com
2009-06-12 12:14 . 2009-06-12 12:14 156882 ----a-w- c:\program files\FHSetup.exe
2009-06-09 21:20 . 2009-06-09 21:20 -------- d-----w- c:\program files\ERUNT
2009-06-09 21:07 . 2009-06-09 21:07 -------- dc----w- C:\Rooter$
2009-06-09 20:58 . 2009-06-09 20:58 -------- dc----w- c:\documents and settings\Janet\Application Data\Malwarebytes
2009-06-09 20:58 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 20:58 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 20:58 . 2009-06-09 20:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 20:58 . 2009-06-12 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 20:50 . 2009-06-09 20:50 -------- d-----w- c:\program files\Trend Micro
2009-06-09 20:47 . 2009-06-09 20:48 -------- d-----w- c:\program files\SpywareBlaster
2009-06-09 06:58 . 2009-06-09 06:58 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-09 06:58 . 2009-04-27 18:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-09 06:58 . 2009-06-09 06:58 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-09 06:57 . 2009-06-09 06:57 -------- dc----w- c:\documents and settings\Janet\Application Data\TuneUp Software
2009-06-09 06:56 . 2009-06-09 06:56 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-09 06:56 . 2009-06-09 06:58 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-09 06:55 . 2009-06-09 06:55 -------- dcsh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-09 05:25 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-09 05:25 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-09 05:25 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-09 05:25 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-09 05:25 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-09 05:25 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-09 05:25 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-09 05:25 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-09 05:24 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-09 05:24 . 2009-06-09 05:24 -------- d-----w- c:\program files\Alwil Software
2009-06-09 05:09 . 2009-06-09 05:09 -------- d-----w- c:\program files\Java
2009-06-09 03:56 . 2009-06-09 03:56 -------- d-----w- c:\program files\Ventrilo
2009-06-09 03:53 . 2009-06-09 03:53 -------- dc----w- c:\documents and settings\Janet\Application Data\TeamViewer
2009-06-09 03:53 . 2009-06-09 03:53 -------- d-----w- c:\program files\TeamViewer
2009-06-09 03:52 . 2009-06-09 03:52 -------- dc----w- c:\documents and settings\Janet\temp
2009-06-06 17:16 . 2006-08-01 19:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-06-06 17:15 . 2009-06-06 17:15 -------- d-----w- c:\program files\Realtek AC97
2009-06-06 17:15 . 2006-12-08 19:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-06-06 17:15 . 2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe
2009-06-06 17:15 . 2006-10-18 06:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-06-06 17:14 . 2009-06-06 17:15 18734784 ----a-w- c:\program files\WDM_A406.exe
2009-06-06 17:07 . 2009-06-12 12:11 3247736 ----a-w- c:\program files\ccsetup220.exe
2009-06-06 04:09 . 2009-06-06 04:09 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-05-31 16:50 . 2009-05-31 16:50 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-27 14:03 . 2009-05-27 14:03 -------- d-----w- c:\documents and settings\Janet\Local Settings\Application Data\DNA
2009-05-27 14:03 . 2009-06-09 07:18 -------- dc----w- c:\documents and settings\Janet\Application Data\DNA
2009-05-27 14:03 . 2009-06-09 06:43 -------- d-----w- c:\program files\DNA
2009-05-25 22:34 . 2009-05-25 22:37 -------- dc----w- C:\divx
2009-05-25 21:39 . 2009-05-25 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-05-25 21:38 . 2009-05-25 21:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-05-25 21:38 . 2009-05-25 21:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-25 21:38 . 2009-05-25 21:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-05-25 21:38 . 2009-05-25 21:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-25 21:04 . 2009-05-25 21:04 -------- d-----w- c:\program files\Glary Registry Repair
2009-05-24 23:43 . 2009-05-25 22:27 -------- dc----w- c:\documents and settings\Janet\Application Data\DivX
2009-05-24 23:43 . 2009-05-24 23:44 -------- dc----w- c:\documents and settings\Janet\Application Data\Media Player Classic
2009-05-24 23:25 . 2009-05-24 23:26 -------- d-----w- c:\program files\Essentials Codec Pack
2009-05-24 22:32 . 2009-05-24 22:32 -------- d--h--w- c:\windows\PIF
2009-05-24 17:54 . 2009-05-24 18:34 -------- dc----w- C:\Temp
2009-05-24 17:48 . 2009-05-24 17:48 -------- d-----w- c:\program files\Xilisoft
2009-05-23 04:34 . 2009-05-27 23:12 -------- dc----w- c:\documents and settings\Janet\Application Data\dvdcss
2009-05-23 04:31 . 2009-05-23 04:31 -------- d-----w- c:\program files\VideoLAN
2009-05-22 02:43 . 2009-05-22 02:43 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-21 21:20 . 2009-05-21 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-05-20 18:23 . 2009-05-20 18:24 -------- d-----w- c:\program files\Common Files\LightScribe
2009-05-20 18:17 . 2009-05-20 18:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-20 18:17 . 2009-05-20 18:17 -------- d-----w- c:\program files\Nero
2009-05-20 17:34 . 2009-05-20 17:34 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-20 17:32 . 2009-05-20 17:32 -------- d-----w- c:\documents and settings\Janet\Local Settings\Application Data\Downloaded Installations
2009-05-20 01:16 . 2009-05-20 01:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Eyewitness News Alert
2009-05-17 18:25 . 2003-06-05 21:15 57436 ----a-w- c:\windows\DASShp.dll
2009-05-17 18:25 . 2009-05-17 18:26 -------- d-----w- c:\program files\Microsoft Reader
2009-05-17 16:51 . 2009-05-19 01:40 -------- dc----w- c:\documents and settings\Janet\Application Data\Azureus
2009-05-17 16:48 . 2009-05-20 03:04 -------- d-----w- c:\program files\Vuze
2009-05-17 16:24 . 2009-05-17 16:24 -------- dc----w- c:\documents and settings\Janet\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-17 13:22 . 2009-05-17 13:22 -------- d-----w- c:\program files\uTorrent
2009-05-17 13:21 . 2009-06-12 21:45 -------- dc----w- c:\documents and settings\Janet\Application Data\uTorrent
2009-05-16 02:41 . 2009-06-12 12:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-16 02:28 . 2009-05-16 02:34 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-16 02:28 . 2009-05-16 02:28 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 01:10 . 2008-07-01 16:06 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-12 22:38 . 2008-08-27 16:51 -------- d-----w- c:\program files\DivX
2009-06-12 21:13 . 2007-07-23 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 15:23 . 2009-04-25 14:23 -------- d-----w- c:\program files\LimeWire
2009-06-12 15:21 . 2007-08-10 21:55 -------- d-----w- c:\documents and settings\Janet\Application Data\LimeWire
2009-06-12 14:54 . 2008-02-27 17:00 -------- dc----w- c:\documents and settings\Janet\Application Data\Spyware Terminator
2009-06-12 14:45 . 2008-02-27 17:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-12 14:33 . 2008-02-27 17:00 -------- d-----w- c:\program files\Spyware Terminator
2009-06-12 14:23 . 2008-02-27 17:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-12 14:16 . 2007-07-25 22:11 -------- d-----w- c:\program files\Google
2009-06-12 12:25 . 2008-05-02 03:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-12 12:25 . 2008-05-02 03:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 07:03 . 2007-08-04 11:36 -------- d-----w- c:\program files\Yahoo!
2009-06-09 05:17 . 2007-08-11 13:19 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 05:09 . 2009-05-11 21:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 04:22 . 2009-03-03 04:05 -------- d-----w- c:\program files\SwiftKit
2009-06-09 03:55 . 2009-03-03 04:06 -------- dc----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-06-08 16:23 . 2008-03-30 03:38 -------- d-----w- c:\program files\Common Files\Eyewitness News Alert
2009-06-07 18:36 . 2008-06-20 15:09 -------- d-----w- c:\program files\RegScrubXP
2009-06-06 17:08 . 2007-08-04 11:35 -------- d-----w- c:\program files\CCleaner
2009-05-23 01:41 . 2007-09-04 00:54 -------- dc----w- c:\documents and settings\Janet\Application Data\Ahead
2009-05-20 18:23 . 2007-07-23 19:34 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-20 03:12 . 2007-07-23 19:33 -------- d-----w- c:\program files\Ahead
2009-05-20 01:15 . 2007-08-20 01:24 -------- dc----w- c:\documents and settings\All Users\Application Data\Kodak
2009-05-17 21:04 . 2007-07-23 17:26 20320 -c--a-w- c:\documents and settings\Janet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 02:49 . 2008-06-10 22:31 -------- d-----w- c:\program files\3D Relief Screensaver
2009-05-13 21:00 . 2007-09-22 00:10 -------- d-----w- c:\program files\DVD Shrink
2009-05-11 21:28 . 2009-05-11 21:28 152576 ----a-w- c:\documents and settings\Janet\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-08 23:42 . 2008-06-02 19:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-08 19:59 . 2009-05-06 16:06 -------- d-----w- c:\program files\Registry_Cleaner_Pro
2009-05-04 15:36 . 2009-05-03 23:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-05-03 23:55 . 2009-05-03 23:47 -------- dc----w- c:\documents and settings\Janet\Application Data\ErrorFix
2009-05-02 16:03 . 2008-06-21 08:28 -------- dc----w- c:\documents and settings\Janet\Application Data\MP3Rocket
2009-04-23 16:56 . 2009-03-03 05:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-23 16:53 . 2008-03-05 23:20 -------- d-----w- c:\program files\Coupons
2009-04-10 17:41 . 2008-03-30 03:38 61440 -c--a-w- c:\windows\wnUninstall.exe
2008-09-10 03:31 . 2008-09-10 03:30 3915560 -c--a-w- c:\program files\MP3Rocket-Win-pro.exe
2008-07-15 23:07 . 2008-07-15 23:06 6820536 -c--a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2008-07-07 14:22 . 2008-07-05 19:27 1277680 -c--a-w- c:\program files\CouponBar.exe
2008-07-06 00:15 . 2008-07-06 00:15 1094021 -c--a-w- c:\program files\dvdshrink32setup1.zip
2008-07-03 21:19 . 2007-10-17 17:14 1277680 -c--a-w- c:\program files\CouponPrinter.exe
2008-07-01 15:59 . 2008-07-01 15:51 881664 -c--a-w- c:\program files\DigitalLockerAssistant_en.msi
2008-07-01 15:40 . 2008-07-01 15:40 497344 -c--a-w- c:\program files\optimize2-setup-1051.exe
2008-06-22 02:09 . 2008-06-22 02:08 1052992 -c--a-w- c:\program files\advrcntr2.zip
2008-06-13 15:46 . 2008-06-13 15:45 6039048 -c--a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2008-06-12 21:52 . 2008-06-12 21:51 17124536 -c--a-w- c:\program files\AVSCoverEditor.exe
2008-06-10 22:35 . 2008-06-10 22:35 689238 -c--a-w- c:\program files\flowerz.zip
2008-06-10 22:31 . 2008-06-10 22:31 112333 -c--a-w- c:\program files\3drelief.exe
2008-06-03 22:57 . 2008-06-03 22:57 7056016 -c--a-w- c:\program files\DVDFab5025.exe
2008-06-03 21:22 . 2008-06-03 21:22 4328969 -c--a-w- c:\program files\burn4free_setup.exe
2008-06-03 21:04 . 2008-06-03 21:03 16448632 -c--a-w- c:\program files\speeditupFree.exe
2008-05-02 03:38 . 2008-05-02 03:38 21031280 -c--a-w- c:\program files\aaw2007.exe
2008-04-29 17:54 . 2008-03-24 18:41 11149800 -c--a-w- c:\program files\hstinst.exe
2008-04-14 15:27 . 2008-04-14 15:27 861024 -c--a-w- c:\program files\mypointsSetup.exe
2008-03-30 03:31 . 2008-03-30 03:31 72192 -c--a-w- c:\program files\Weather-Install.exe
2008-03-02 20:11 . 2008-03-02 20:11 43 -c--a-w- c:\program files\blank.gif
2008-03-02 20:11 . 2008-03-02 20:10 277616 -c--a-w- c:\program files\TheWeatherChannel_dw5_Stubmypoints.exe
2008-03-02 19:32 . 2008-03-02 19:32 2951802 -c--a-w- c:\program files\Easy Cleaner.exe
2008-02-29 16:04 . 2008-02-29 16:03 5029320 -c--a-w- c:\program files\SystemProtect_Setup.exe
2008-02-27 17:18 . 2008-02-27 17:11 17788920 -c--a-w- c:\program files\antivir_workstation_win7u_en_h.exe
2008-02-27 16:59 . 2008-02-27 16:58 9823864 -c--a-w- c:\program files\SpywareTerminator_Setup.exe
2008-02-26 16:13 . 2008-02-26 16:07 179616 -c--a-w- c:\program files\sr-setup.exe
2008-02-26 14:53 . 2008-02-26 14:53 1454656 -c--a-w- c:\program files\Silverlight.exe
2008-02-26 14:46 . 2007-11-18 17:13 5831160 -c--a-w- c:\program files\rminstall.exe
2008-02-08 14:38 . 2008-02-08 14:38 16955400 -c--a-w- c:\program files\sdsetup.exe
2008-01-27 16:33 . 2008-01-27 16:32 2368672 -c--a-w- c:\program files\Install Registry Defender.exe
2008-01-26 02:37 . 2008-01-26 02:37 3346944 -c--a-w- c:\program files\VersionTracker_Pro_Windows_4_0_cn0074.msi
2008-01-26 02:33 . 2008-01-26 02:11 26021874 -c--a-w- c:\program files\WDM_R185.zip
2008-01-26 00:22 . 2008-01-26 00:22 3852867 -c--a-w- c:\program files\drivermagic_inst.exe
2008-01-23 22:19 . 2008-01-23 21:10 202071 -c--a-w- c:\program files\RipIt4Me.zip
2008-01-12 16:57 . 2008-01-12 16:56 5418008 -c--a-w- c:\program files\bitcomet_setup.exe
2008-01-10 14:11 . 2008-01-10 14:11 878192 -c--a-w- c:\program files\BitTorrent-6.0.exe
2008-01-05 18:03 . 2008-01-05 18:03 7517141 -c--a-w- c:\program files\frostwire-4.13.4.windows.exe
2007-12-30 23:24 . 2007-12-30 23:24 2352632 -c--a-w- c:\program files\PhotoStreamer2Setup.exe
2007-12-30 18:00 . 2007-12-30 18:00 255000 -c--a-w- c:\program files\ZuneDevices.exe
2007-12-29 22:17 . 2007-12-29 22:17 398488 -c--a-w- c:\program files\switchsetup.exe
2007-11-25 01:13 . 2007-11-25 01:13 25755448 -c--a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-11-23 04:05 . 2007-11-23 04:05 21789 -c--a-w- c:\program files\windowsdump.bat
2007-11-23 03:47 . 2007-11-23 03:47 432688 -c--a-w- c:\program files\Installer.exe
2007-11-23 03:35 . 2007-11-23 03:35 1375806 -c--a-w- c:\program files\rrsetup.exe
2007-11-19 19:08 . 2007-11-19 19:08 8927864 -c--a-w- c:\program files\Windows-KB890830-x64-V1.35.exe
2007-11-18 17:09 . 2007-11-18 15:22 1364656 -c--a-w- c:\program files\tweakxputility.exe
2007-11-18 14:54 . 2007-11-18 14:54 610304 -c--a-w- c:\program files\TCPOptimizer.exe
2007-11-13 20:53 . 2007-11-13 20:53 1784512 -c--a-w- c:\program files\Common Files\defs.zip
2007-11-12 17:13 . 2007-11-12 17:13 2725528 -c--a-w- c:\program files\ccsetup202.exe
2007-11-03 19:53 . 2007-11-03 19:52 16892616 -c--a-w- c:\program files\setupeng.exe
2007-10-27 16:46 . 2007-10-27 16:46 8706680 -c--a-w- c:\program files\Windows-KB890830-V1.34.exe
2007-10-25 17:21 . 2007-10-12 19:06 53821 -c--a-w- c:\program files\MoveMediaPlayer_07074039.exe
2007-10-22 00:57 . 2007-10-22 00:57 2487168 -c--a-w- c:\program files\DVDFabHDDecrypter3210.exe
2007-10-09 04:18 . 2007-07-29 16:50 1305088 -c--a-w- c:\program files\Netflix_Movie_Viewer_Installer.msi
2007-09-04 00:37 . 2007-09-04 00:33 182131744 -c--a-w- c:\program files\Nero-7.10.1.0_eng_trial_wch.exe
2007-08-12 10:40 . 2007-08-12 10:40 6595776 -c--a-w- c:\program files\WalmartDigitalPhotoManager1.4.exe
2007-08-04 11:35 . 2007-08-04 11:33 2720456 -c--a-w- c:\program files\ccsetup141.exe
2007-07-28 12:46 . 2007-07-28 12:46 3467592 -c--a-w- c:\program files\BFINSTALL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2009-04-06 146944]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-06-12 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-12 2174464]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

c:\documents and settings\Janet\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless G Desktop Card Client Utility.lnk]
backup=c:\windows\pss\Belkin Wireless G Desktop Card Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Janet^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Janet^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
backup=c:\windows\pss\MP3 Rocket (Minimized).lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Janet\\My Documents\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Belkin\\PCI F5D700F\\Wireless Utility\\Belkinwcui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Janet\\Desktop\\spybotsd162.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11567:TCP"= 11567:TCP:BitComet 11567 TCP
"11567:UDP"= 11567:UDP:BitComet 11567 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2009 8:28 AM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/9/2009 1:25 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/9/2009 1:25 AM 20560]
R3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [7/24/2007 5:07 PM 28919]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.sys [7/24/2007 9:56 AM 303616]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 11:29 AM 118106]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 19:37]

2009-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{06206F48-BC9B-451C-B31E-EC15954979E3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
Trusted Zone: safer-networking.org\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 21:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2d,ae,38,0b,ac,ef,45,74,90,4d,f3,bf,44,e6,55,cf,4c,d9,b1,a1,37,
df,fb,dc,6b,c0,d2,38,f5,d4,c7,77,1d,3e,51,e7,9b,3a,dc,dc,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{dd7b763d-e7f1-46a6-8d42-5d8b3599ca37}]
@Denied: (Full) (Everyone)
"Model"=dword:00000125
"Therad"=dword:0000002a
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\CF15232.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\TUProgSt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-06-13 23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 02:54

Pre-Run: 34,264,502,272 bytes free
Post-Run: 34,172,821,504 bytes free

415 --- E O F --- 2009-05-14 00:41

ComboFix log. I was able to update Malwarebytes' after I ran ComboFix. Will post that in my next reply.

Edited by Wafflemonger, 12 June 2009 - 10:04 PM.

#6
Wafflemonger

    Member

  • Topic Starter
  • 548 posts
Malwarebytes' Anti-Malware 1.37
Database version: 2270
Windows 5.1.2600 Service Pack 3

6/13/2009 1:29:42 AM
mbam-log-2009-06-13 (01-29-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127225
Time elapsed: 45 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ExcellentAdDisplay (Adware.ExcellentAdDisplay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ExcellentAdDisplay.dll (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Janet\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\quarantinew\2009-05-03 19-55-020 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\quarantinew\2009-05-03 19-55-020 (Rogue.ErrorFix) -> Files: 439 -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Janet\application data\spamblockerutility_icons\callwave1a.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\spamblockerutility_icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\spamblockerutility_icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Logs\2009-05-03 19-47-160.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Logs\2009-05-04 11-08-160.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Logs\2009-06-05 17-17-560.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\Janet\application data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

#7
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Wafflemonger,

Glad to hear CF and MBAM both worked.


You are using peer-to-peer programs, specifically BitTorrent DNA, LimeWire, and uTorrent.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

#8
Wafflemonger

    Member

  • Topic Starter
  • 548 posts
Well, I did what you asked, but when I restarted, nothing will open now. It acts like it's going to, like an hourglass comes up, but nothing happens....

#9
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Did the scans complete and then you rebooted?

#10
Wafflemonger

    Member

  • Topic Starter
  • 548 posts

Did the scans complete and then you rebooted?

I ran the SUPERAntiSpyware scan like you said; it found 17 objects (2 trojans, the rest tracking cookies), then it said it needed to restart, so I restarted and now nothing at all is opening on my computer.

#11
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please reboot and let me know if it still does not load.

#12
Wafflemonger

    Member

  • Topic Starter
  • 548 posts
Alright, that fixed it. Instead of posting both logs separately, I'll post them at the same time. I'll get back to you.

#13
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
OK, thanks Wafflemonger. Glad to hear a reboot worked.

#14
Wafflemonger

    Member

  • Topic Starter
  • 548 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/14/2009 at 06:33 PM

Application Version : 4.26.1004

Core Rules Database Version : 3938
Trace Rules Database Version: 1881

Scan type : Complete Scan
Total Scan Time : 01:22:21

Memory items scanned : 470
Memory threats detected : 0
Registry items scanned : 5752
Registry threats detected : 2
File items scanned : 50116
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\Janet\Cookies\janet@tacoda[2].txt
C:\Documents and Settings\Janet\Cookies\[email protected][2].txt
C:\Documents and Settings\Janet\Cookies\[email protected][1].txt
C:\Documents and Settings\Janet\Cookies\[email protected][2].txt
C:\Documents and Settings\Janet\Cookies\janet@peoplefinders[1].txt
C:\Documents and Settings\Janet\Cookies\janet@clicktorrent[2].txt
C:\Documents and Settings\Janet\Cookies\janet@adultfriendfinder[2].txt
C:\Documents and Settings\Janet\Cookies\janet@hornymatches[2].txt
C:\Documents and Settings\Janet\Cookies\janet@toplist[2].txt
C:\Documents and Settings\Janet\Cookies\[email protected][1].txt
C:\Documents and Settings\Janet\Cookies\janet@redhousebanner[1].txt
C:\Documents and Settings\Janet\Cookies\[email protected][1].txt
C:\Documents and Settings\Janet\Cookies\[email protected][1].txt
C:\Documents and Settings\Janet\Cookies\janet@xiti[1].txt
C:\Documents and Settings\Janet\Cookies\[email protected][2].txt

Trojan.Unknown Origin
HKU\.DEFAULT\Software\ColdWare
HKU\S-1-5-18\Software\ColdWare



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 15, 2009 02:55:58
Records in database: 2344150
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 52346
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:46:56


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcwfnsnmxxkjuelixjynbnskoosneyfcah.dll.vir Infected: Trojan-Spy.Win32.Agent.avxi 1

The selected area was scanned.


There are both logs you requested.

Edited by Wafflemonger, 15 June 2009 - 09:13 AM.

#15
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
