Help my computer is slow



#1
legotech

Can anyone show me how to fix my computer? It's been really slow lately. I ran some scans:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/6/2010 12:55:25 AM
mbam-log-2010-05-06 (00-55-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 154735
Time elapsed: 1 hour(s), 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-76-0-VRld) Good: (http://www.google.com) -> No action taken.

Folders Infected:
C:\Documents and Settings\Brian Wong\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> No action taken.

Files Infected:
C:\Documents and Settings\Brian Wong\Desktop\VLCSetup.exe (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\Brian Wong\My Documents\Downloads\FLVDirect(2).exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brian Wong\My Documents\Downloads\FLVDirect.exe (Adware.DoubleD) -> No action taken.
C:\System Volume Information\_restore{0F80A1A1-A717-4231-94D0-2A4CB9C1354A}\RP473\A0104052.dll (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{0F80A1A1-A717-4231-94D0-2A4CB9C1354A}\RP483\A0107135.dll (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{0F80A1A1-A717-4231-94D0-2A4CB9C1354A}\RP483\A0107148.dll (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{0F80A1A1-A717-4231-94D0-2A4CB9C1354A}\RP484\A0107167.dll (Adware.BHO) -> No action taken.
C:\Documents and Settings\Brian Wong\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> No action taken.

OTL logfile created on: 5/6/2010 1:19:11 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Brian Wong\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 569.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.05 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-JXNPEQRVU
Current User Name: Brian Wong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/06 01:19:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Wong\My Documents\Downloads\OTL.exe
PRC - [2010/03/31 21:01:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/08/13 21:39:36 | 000,536,576 | ---- | M] () -- C:\WINNT\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/04/16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\soundman.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 01:19:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Wong\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/08/04 01:56:58 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/10/07 01:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/25 17:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/06/11 21:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/02/17 12:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 12:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.zugo.com/?cfg=2-76-0-VRld
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-76-0-VRbC

IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/04 20:10:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 21:01:55 | 000,000,000 | ---D | M]

[2009/04/11 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Extensions
[2009/04/11 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Extensions\[email protected]
[2010/05/05 22:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\extensions
[2009/09/08 08:50:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/24 18:42:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2009/01/01 16:54:08 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/01/01 16:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2009/09/16 21:50:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/02 17:43:33 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\searchplugins\aim-search.xml
[2010/04/24 18:42:24 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Application Data\Mozilla\Firefox\Profiles\tu8pj9tf.default\searchplugins\bing-ff.xml
[2010/05/05 23:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/06/18 15:59:41 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([1999/12/07 08:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINNT\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINNT\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/31 00:51:21 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{390a41ac-d9b8-11dd-99cf-00e04d0937a5}\Shell - "" = AutoRun
O33 - MountPoints2\{390a41ac-d9b8-11dd-99cf-00e04d0937a5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{390a41ac-d9b8-11dd-99cf-00e04d0937a5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{390a41ad-d9b8-11dd-99cf-00e04d0937a5}\Shell - "" = AutoRun
O33 - MountPoints2\{390a41ad-d9b8-11dd-99cf-00e04d0937a5}\Shell\Auto\command - "" = serivces.exe
O33 - MountPoints2\{390a41ad-d9b8-11dd-99cf-00e04d0937a5}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINNT\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINNT\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINNT\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 23:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Wong\Application Data\Malwarebytes
[2010/05/05 23:37:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/05/05 23:37:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/05/05 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 23:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/05 23:35:32 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINNT\System32\drivers\pavboot.sys
[2010/05/05 23:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/26 20:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Wong\Desktop\wvs
[2010/04/24 18:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/04/24 18:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2010/04/14 22:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[1 C:\Documents and Settings\Brian Wong\My Documents\*.tmp files -> C:\Documents and Settings\Brian Wong\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/06 01:14:07 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 01:14:06 | 000,194,137 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2010/05/06 01:14:02 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/05/06 01:14:00 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/05/06 01:12:42 | 004,386,816 | ---- | M] () -- C:\Documents and Settings\Brian Wong\NTUSER.DAT
[2010/05/06 00:42:03 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 23:37:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 20:26:35 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/05/05 00:26:25 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongMay 4.doc
[2010/05/04 20:48:35 | 000,124,523 | ---- | M] () -- C:\WINNT\War3Unin.dat
[2010/04/30 01:03:33 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 29.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/04/28 21:38:48 | 000,000,065 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Config.ini
[2010/04/28 00:20:50 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 27.doc
[2010/04/27 00:17:05 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Steven_Lin.doc
[2010/04/26 22:54:50 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 26.doc
[2010/04/26 06:46:37 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 25.doc
[2010/04/26 00:18:24 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\llmingunltdll is available.doc
[2010/04/24 22:29:09 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/04/22 22:41:52 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Brian Wong\My Documents\Brian WongApril 22.doc
[2010/04/22 00:28:17 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\aDRfdfS.doc
[2010/04/21 23:05:21 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 20dd.doc
[2010/04/21 20:59:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 21.doc
[2010/04/21 20:36:10 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 20assaaas.doc
[2010/04/21 09:55:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 20.doc
[2010/04/20 07:01:29 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian Wong April 19 2010mk.doc
[2010/04/20 00:37:08 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Brian Wong\My Documents\Brian WongApril 19 2010.doc
[2010/04/18 13:40:12 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\Chapter 30 outline.doc
[2010/04/15 23:32:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\gjhghj.doc
[2010/04/12 23:43:49 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\english marx.doc
[2010/04/06 21:56:36 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Brian Wong\Desktop\ch_27_ap_us.doc
[1 C:\Documents and Settings\Brian Wong\My Documents\*.tmp files -> C:\Documents and Settings\Brian Wong\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 23:37:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 00:26:24 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongMay 4.doc
[2010/04/30 01:03:33 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 29.doc
[2010/04/28 00:20:50 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 27.doc
[2010/04/26 22:54:50 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 26.doc
[2010/04/26 21:18:15 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Steven_Lin.doc
[2010/04/26 20:08:57 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Config.ini
[2010/04/25 19:34:14 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 25.doc
[2010/04/25 10:50:04 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\llmingunltdll is available.doc
[2010/04/22 22:41:52 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Brian Wong\My Documents\Brian WongApril 22.doc
[2010/04/22 20:22:32 | 001,135,616 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\wvs.exe
[2010/04/22 00:28:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\aDRfdfS.doc
[2010/04/21 20:59:07 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 21.doc
[2010/04/21 20:36:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 20assaaas.doc
[2010/04/21 10:31:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 20dd.doc
[2010/04/21 09:55:00 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian WongApril 20.doc
[2010/04/20 07:01:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Brian Wong April 19 2010mk.doc
[2010/04/20 00:37:08 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Brian Wong\My Documents\Brian WongApril 19 2010.doc
[2010/04/18 13:40:12 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\Chapter 30 outline.doc
[2010/04/15 23:32:02 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\gjhghj.doc
[2010/04/12 23:43:49 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\english marx.doc
[2010/04/06 18:57:09 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Brian Wong\Desktop\number 5!.doc
[2010/01/19 01:56:56 | 000,000,013 | ---- | C] () -- C:\WINNT\System32\poin2.ini
[2009/09/03 03:17:14 | 000,082,944 | -H-- | C] () -- C:\WINNT\System32\1ba1dc34.dll
[2009/04/02 21:53:39 | 000,138,328 | ---- | C] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2009/02/16 21:02:38 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\ieencode.dll
[2009/01/04 08:44:37 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/01/03 10:18:22 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2008/12/31 22:58:27 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\RtlCPAPI.dll
[2008/12/31 01:57:26 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINNT\System32\dtu100.dll.manifest
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINNT\System32\dpl100.dll.manifest
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINNT\System32\physxcudart_20.dll
[2006/03/31 21:54:00 | 001,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2006/03/31 21:54:00 | 001,486,848 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2006/03/31 21:54:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2006/03/31 21:54:00 | 000,573,440 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/03/31 21:54:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2006/03/31 21:54:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2002/08/29 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINNT\System32\drivers\secdrv.sys
[1999/12/07 08:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

< End of report >

OTL Extras logfile created on: 5/6/2010 1:19:11 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Brian Wong\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 569.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.05 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-JXNPEQRVU
Current User Name: Brian Wong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58724:TCP" = 58724:TCP:*:Enabled:Pando Media Booster
"58724:UDP" = 58724:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"10657:TCP" = 10657:TCP:*:Enabled:BitComet 10657 TCP
"10657:UDP" = 10657:UDP:*:Enabled:BitComet 10657 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58724:TCP" = 58724:TCP:*:Enabled:Pando Media Booster
"58724:UDP" = 58724:UDP:*:Enabled:Pando Media Booster
"6115:TCP" = 6115:TCP:*:Enabled:Warcraft 3
"6115:UDP" = 6115:UDP:*:Enabled:Warcraft3

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- File not found
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C09DB99-F67A-4848-9079-0B5E216AD134}" = BIOS Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Search" = AIM Search
"AIM_6" = AIM 6
"BitComet" = BitComet 1.07
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cross Fire_is1" = Cross Fire En
"Garena" = Garena 2010
"Google Chrome" = Google Chrome
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarkelSoft iPlayAnywhere for iTunes 7.0" = MarkelSoft iPlayAnywhere for iTunes 7.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"Search Toolbar" = Search Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 9:07:15 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Application Error | ID = 1000
Description = Faulting application war3.exe, version 1.20.4.6074, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 4/28/2010 10:49:27 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2010 10:49:27 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2010 10:49:31 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Application Hang | ID = 1001
Description = Fault bucket 1765894641.

Error - 4/28/2010 10:49:32 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Application Hang | ID = 1001
Description = Fault bucket 1765894641.

Error - 4/28/2010 10:58:49 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 4/28/2010 10:58:49 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 5/4/2010 8:09:07 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00650020.

Error - 5/4/2010 8:11:15 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 5/4/2010 8:11:15 PM | Computer Name = BRIAN-JXNPEQRVU | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ System Events ]
Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/6/2010 1:07:30 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/6/2010 1:14:14 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 5/6/2010 1:14:14 AM | Computer Name = BRIAN-JXNPEQRVU | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2


< End of report >

thank you!


#2
RKinner

    Malware Expert

  • Expert
  • 23,310 posts
  • MVP
When you ran MBAM (step 1 in the guide) you did not finish correctly:

# When the scan is complete, click OK, then Show Results to view the results.
# Be sure that everything is checked, and click Remove Selected. <===

Run it again. This time do a FULL SCAN (will take about an hour) and don't forget to:

# When the scan is complete, click OK, then Show Results to view the results.
# Be sure that everything is checked, and click Remove Selected.

Post that log when done then let's do combofix:


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!: