
Malware Secretly Overtaking System CPU


This topic is locked

#1 Tylinos (Member, 78 posts)
Last night, my computer began to experience major slowdown. Upon checking Windows Task Manager, I noticed something very odd. The System Idle Processes CPU count was not nearly matching up with the amount of remaining space it should have when compared to the CPU Usage percentage. For example, if System Idle Processes was at 80, the current CPU usage would say something like 44%, when it should be around 20%, and the currently used CPU for other processes would be around the 20% instead of the 44%. The CPU usage percent was always much higher than it should be, except occasionally when idle. When doing anything even somewhat memory-intensive, the computer would undergo that major slowdown, with the used CPU somehow being at 99 or 100%, when everything else didn't come close to adding up to 100.

Nothing like this had ever happened to me before, and this impossible extra CPU usage started just when the massive slowdown started, so I can only think it's caused by some form of malware. If it's being caused by something else, I'm sorry for taking up your time, but I honestly have no other ideas on what it could be unless something terrible suddenly happened to my computer memory while the computer was in use.

I was unable to get a GMER log, as about an hour and a half into the GMER scan, the computer crashed to a blue screen, and I'm afraid that trying again will do the same thing again.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

8/23/2010 7:24:56 AM
mbam-log-2010-08-23 (07-24-56).txt

Scan type: Quick Scan
Objects scanned: 93178
Time elapsed: 22 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 8/23/2010 9:28:49 AM - Run 4
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Tyler Thomas\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.11 Gb Total Space | 2.93 Gb Free Space | 4.37% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 1.00 Gb Free Space | 13.49% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TYLERTHOMAS
Current User Name: Tyler Thomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/23 09:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\OTL.exe
PRC - [2009/11/25 09:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1150228820\EE\aolsoftware.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/12/08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/12/07 14:56:56 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/24 04:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/07/12 06:17:50 | 000,054,872 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\shellmon.exe
PRC - [2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2004/11/19 13:54:58 | 000,037,464 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe
PRC - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 09:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/07/01 20:43:10 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll
MOD - [2004/08/04 04:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (windefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/01 19:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TYLERT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TYLERT~1\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2009/11/13 00:07:47 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/22 03:44:58 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/06/13 16:02:03 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 18:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 06:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 05:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/07/14 12:33:58 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/06/19 16:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/05 14:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 14:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 19:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/12/04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/04/03 14:00:30 | 000,995,456 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcleMBox.sys -- (PinnacleMovieBox)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 04:08:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 04:08:20 | 000,000,000 | ---D | M]

[2010/04/21 16:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Mozilla\Extensions
[2010/08/22 18:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Mozilla\Firefox\Profiles\s2bi39ec.default\extensions
[2010/07/14 05:06:04 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Tyler Thomas\Application Data\Mozilla\Firefox\Profiles\s2bi39ec.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/07/28 03:55:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tyler Thomas\Application Data\Mozilla\Firefox\Profiles\s2bi39ec.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/22 18:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/07/25 08:08:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150228820\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe ()
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\America Online 9.0\aol.exe (America Online, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tyler Thomas\My Documents\BBS Stuff\P4 Group Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tyler Thomas\My Documents\BBS Stuff\P4 Group Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/23 09:28:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\OTL.exe
[2010/08/23 09:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/23 06:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/23 06:50:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\erunt_setup.exe
[2010/07/12 01:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/07/02 21:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Thomas\Application Data\MP3SkypeRecorder
[2010/07/02 21:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Thomas\Local Settings\Application Data\Alexander_Nikiforov
[2010/07/02 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Skype Recorder
[2010/06/26 14:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 90 Days ==========

[2010/08/23 09:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\OTL.exe
[2010/08/23 09:15:54 | 000,051,334 | ---- | M] () -- C:\VETlog.dmp
[2010/08/23 09:15:27 | 000,000,630 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/23 09:12:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/23 09:10:40 | 000,000,297 | ---- | M] () -- C:\hpqp.ini
[2010/08/23 09:10:35 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/08/23 09:10:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 09:09:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/23 09:09:45 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 07:27:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\gmer.zip
[2010/08/23 06:53:10 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\NTREGOPT.lnk
[2010/08/23 06:53:10 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\ERUNT.lnk
[2010/08/23 06:50:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt_setup.exe
[2010/08/23 06:43:01 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/23 06:43:00 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/23 06:42:52 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/23 06:27:43 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\Tyler Thomas\NTUSER.DAT
[2010/08/23 06:27:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tyler Thomas\ntuser.ini
[2010/08/11 20:45:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/14 21:49:28 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/07/12 01:20:14 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\YouTube Downloader.lnk
[2010/07/12 01:19:17 | 003,229,546 | ---- | M] () -- C:\YouTubeDownloaderSetup256.exe
[2010/07/08 21:46:32 | 000,007,922 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Application Data\wklnhst.dat
[2010/07/03 04:15:42 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/02 21:08:38 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\MP3 Skype Recorder.lnk
[2010/06/30 21:17:34 | 000,015,258 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\.recently-used.xbel
[2010/06/26 14:44:27 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

========== Files Created - No Company Name ==========

[2010/08/23 07:28:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Desktop\gmer.exe
[2010/08/23 07:27:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Desktop\gmer.zip
[2010/08/23 06:53:10 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Desktop\NTREGOPT.lnk
[2010/08/23 06:53:10 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Desktop\ERUNT.lnk
[2010/07/12 01:20:14 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Desktop\YouTube Downloader.lnk
[2010/07/12 01:18:57 | 003,229,546 | ---- | C] () -- C:\YouTubeDownloaderSetup256.exe
[2010/07/02 21:08:38 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Desktop\MP3 Skype Recorder.lnk
[2010/06/30 21:17:34 | 000,015,258 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\.recently-used.xbel
[2009/11/13 00:07:46 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/25 00:39:19 | 000,007,922 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Application Data\wklnhst.dat
[2008/09/30 23:46:30 | 000,001,004 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/11/12 14:52:06 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/11 14:49:09 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/23 19:34:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/23 19:34:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/08/25 19:59:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/07/13 22:50:28 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2006/07/13 22:50:28 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2006/07/03 20:46:34 | 000,000,737 | ---- | C] () -- C:\WINDOWS\WIN98W~1.INI
[2006/06/19 14:57:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/06/15 16:17:37 | 000,000,045 | ---- | C] () -- C:\WINDOWS\VgsPlayer.INI
[2006/06/14 19:59:48 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/13 22:59:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Tyler Thomas\Local Settings\Application Data\fusioncache.dat
[2006/02/16 06:39:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/16 06:36:04 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/16 06:19:18 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/16 06:04:54 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/16 06:02:30 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/22 14:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/11/13 01:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2006/02/16 06:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/04/21 08:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/01/11 15:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/03 06:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/24 16:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\.BitTornado
[2010/07/16 21:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\.purple
[2006/06/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Aim
[2009/11/13 02:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\DAEMON Tools Pro
[2006/09/23 21:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\G-Force
[2010/06/30 21:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\gtk-2.0
[2006/06/14 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Leadertech
[2006/06/30 19:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Lionhead Studios
[2007/03/28 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Miranda
[2010/07/02 21:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\MP3SkypeRecorder
[2009/02/14 23:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Netscape
[2007/03/28 00:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Opera
[2008/11/25 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Template
[2007/10/07 04:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Thomas\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/23 17:59:52 | 021,216,112 | ---- | M] () -- C:\aaw2007.exe
[2007/11/23 18:12:09 | 000,000,373 | ---- | M] () -- C:\aaw7boot.log
[2006/06/13 16:13:56 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/06/13 16:13:56 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2007/10/06 01:50:17 | 002,228,534 | ---- | M] ( ) -- C:\audacity-win-1.2.6.exe
[2006/09/23 21:31:00 | 001,639,408 | ---- | M] () -- C:\Back to the Future Trilogy.wmz
[2006/10/25 00:53:05 | 004,308,596 | ---- | M] () -- C:\BitTornado-0.3.17-w32install.exe
[2009/07/10 16:00:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/21 06:01:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/17 13:48:55 | 000,017,768 | ---- | M] () -- C:\ComboFix.txt
[2008/10/21 00:19:58 | 035,113,704 | ---- | M] (Microsoft Corporation) -- C:\directx_9c_redist.exe
[2006/10/22 17:14:19 | 000,003,884 | ---- | M] () -- C:\dmg2iso.pl
[2006/10/22 17:14:35 | 000,012,586 | ---- | M] () -- C:\dmg2iso.zip
[2006/10/22 18:09:38 | 000,021,016 | ---- | M] () -- C:\DMG2ISOS.zip
[2009/06/21 05:55:56 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\dotnetfx.exe
[2009/02/10 01:18:02 | 000,302,928 | ---- | M] (Microsoft Corporation) -- C:\dxwebsetup.exe
[2010/08/23 06:50:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt_setup.exe
[2006/09/23 21:49:34 | 003,320,928 | ---- | M] () -- C:\G-Force_356_WMP.exe
[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/08/23 09:09:45 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 09:10:40 | 000,000,297 | ---- | M] () -- C:\hpqp.ini
[2008/10/23 01:22:00 | 001,851,544 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player.exe
[2006/07/13 17:23:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/10/22 17:51:19 | 002,675,245 | ---- | M] () -- C:\isobuster_all_lang.zip
[2009/07/19 06:29:17 | 000,008,100 | ---- | M] () -- C:\JavaRa.log
[2009/07/19 06:34:03 | 016,254,360 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u14-windows-i586.exe
[2009/07/26 13:53:33 | 000,004,084 | ---- | M] () -- C:\Kapersky1.html
[2009/07/26 13:54:07 | 000,001,519 | ---- | M] () -- C:\Kapersky1.txt
[2009/07/19 12:41:03 | 000,001,795 | ---- | M] () -- C:\Kaspersky.txt
[2009/10/21 07:35:16 | 000,001,096 | ---- | M] () -- C:\mbam-log-2009-10-21 (07-35-08).txt
[2007/03/28 21:47:08 | 001,149,405 | ---- | M] () -- C:\miranda-im-v0.6.8-unicode.exe
[2006/07/13 17:23:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2004/08/04 04:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2009/03/15 12:40:53 | 001,091,264 | ---- | M] (Xiph.Org) -- C:\oggcodecs_0.81.15562-win32.exe
[2007/03/28 00:30:18 | 004,905,032 | ---- | M] (Opera Software ASA ) -- C:\Opera_9.10_Eng_Setup.exe
[2009/07/28 08:49:26 | 000,063,198 | ---- | M] () -- C:\OTL.Txt
[2010/08/23 09:09:18 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2008/01/29 22:27:14 | 000,310,318 | ---- | M] () -- C:\peercast-VP0026.zip
[2009/09/04 18:49:37 | 014,410,060 | ---- | M] () -- C:\pidgin-2.6.1.exe
[2007/03/02 17:15:49 | 019,666,504 | ---- | M] (Apple Computer, Inc.) -- C:\QuickTimeInstaller.exe
[2006/12/18 23:50:29 | 002,353,742 | ---- | M] () -- C:\QXpressSetup_1.1.8.exe
[2006/10/22 17:08:10 | 002,666,654 | ---- | M] () -- C:\Setup_MagicISO.exe
[2009/07/10 03:55:18 | 094,483,554 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2006/09/23 21:44:10 | 007,162,291 | ---- | M] () -- C:\trackWithPlayer.zip
[2007/03/28 01:21:25 | 009,000,041 | ---- | M] () -- C:\trillian-v3[1].1.exe
[2006/10/22 17:22:36 | 003,122,858 | ---- | M] (EZB Systems, Inc. ) -- C:\uiso8_pe.exe
[2007/03/17 17:33:30 | 000,252,416 | ---- | M] () -- C:\uninstall_flash_player.exe
[2010/08/23 09:15:54 | 000,051,334 | ---- | M] () -- C:\VETlog.dmp
[2010/08/23 09:15:54 | 002,477,150 | ---- | M] () -- C:\VETlog.txt
[2009/06/21 05:51:28 | 003,586,953 | ---- | M] (Farside Inc. ) -- C:\vixybeta_install_0.8.1.exe
[2006/07/02 15:34:51 | 006,206,440 | ---- | M] (Nullsoft, Inc.) -- C:\winamp524_full_emusic-7plus.exe
[2006/11/09 16:03:19 | 025,752,376 | ---- | M] (Microsoft Corporation) -- C:\wmp11-windowsxp-x86-enu.exe
[2007/03/17 17:43:46 | 002,514,784 | ---- | M] () -- C:\wmpy_flv_player_pc.zip
[2010/08/23 09:10:35 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2006/12/23 19:32:52 | 000,643,711 | ---- | M] (XviD team ) -- C:\XviD-1.1.0-30122005.exe
[2007/09/22 15:23:18 | 000,642,796 | ---- | M] (Xvid team ) -- C:\XviD-1.1.3-28062007.exe
[2010/07/12 01:19:17 | 003,229,546 | ---- | M] () -- C:\YouTubeDownloaderSetup256.exe

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >
[2005/09/24 04:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2004/08/07 08:57:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/08/25 19:59:46 | 000,192,000 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\screensaver-800x600.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/07 01:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 01:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/07 08:58:34 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/06/13 23:04:08 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Tyler Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/07 09:04:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/08/15 13:35:54 | 003,124,187 | R--- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\abcd.exe
[2009/08/15 11:54:18 | 003,124,187 | R--- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\Combo-Fix.exe
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\gmer.exe
[2010/08/23 09:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\OTL.exe
[2009/08/15 14:31:03 | 000,102,148 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\SystemLook.exe
[2009/07/19 04:52:09 | 000,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-10-01 04:25:11
< End of report >

#2 Rorschach112 (Retired Staff)
  • Please download WVCheck by Artellos from one of the mirrors below:

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe.
  • As the prompt indicates, this program can take a while, depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file into a reply.



Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the hourglass cursor disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


#3 Tylinos (Topic Starter)
Windows Validation Check
Version: 1.8.8.3
Log Created On: 1027_23-08-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 2
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
------------------------------
Last Success Time for Update Detection: 2010-08-22 18:01:28
Last Success Time for Update Download: 2010-08-11 00:51:40
Last Success Time for Update Installation: 2009-10-01 04:25:11


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-------------------
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Size: 0 bytes
Matched: *Genuine?Advantage*
------------------------------


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - b409909f6e2e8a7067076ed748abf1e7


-------- End of File, program close at 1033_23-08-2010 --------

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\tyler thomas\my documents\video games\sonic\other\rom stuff\sonic crackers.bin
c:\documents and settings\tyler thomas\my documents\video games\sonic\other\rom stuff\[smd] sonic crackers.zip
c:\documents and settings\tyler thomas\my documents\video games\sonic\other\rom stuff\sonic 3d crackers by tweaker\sonic_3d_crackers by tweaker.bin
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.BB.11
----- EOF -----
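The three "Last Success Time" lines in the WVCheck log above come from the Windows Update client's Results keys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results, the same key the OTL custom scan in post #1 read. The pattern matters for triage: Detect and Download succeeding recently while Install lags by many months means updates are found and fetched but never applied, whereas all three being stale means the client cannot reach Microsoft at all. As an added example (this is not WVCheck's or OTL's own code, and nothing in the thread ran it), the following Python script parses either tool's output, computes the age of each stage as of the scan time, and returns that verdict; the 60-day threshold is an assumption chosen for the example, and the sample log lines are copied from the WVCheck output above.

```python
"""Patch-staleness check from WVCheck / OTL output (added example, not tool code).

Sample lines are copied from the WVCheck log in this thread; the 60-day
threshold and the verdict labels are assumptions made for this example.
"""
import re
from datetime import datetime, timedelta

# Real HKLM key both tools read; each stage subkey holds a REG_SZ LastSuccessTime
# formatted "YYYY-MM-DD HH:MM:SS".
WU_RESULTS_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results"
STAGES = ("Detect", "Download", "Install")
STALE_AFTER = timedelta(days=60)  # assumption for this example

# WVCheck: "Last Success Time for Update Installation: 2009-10-01 04:25:11"
_WVCHECK_RE = re.compile(
    r"Last Success Time for Update (Detection|Download|Installation):\s*(\S+ \S+)")
_WVCHECK_STAGE = {"Detection": "Detect", "Download": "Download", "Installation": "Install"}
# OTL "/rs" custom scan: "...\Results\Install\\LastSuccessTime: 2009-10-01 04:25:11"
_OTL_RE = re.compile(r"\\Results\\(Detect|Download|Install)\\\\LastSuccessTime:\s*(\S+ \S+)")
# WVCheck header: "Log Created On: 1027_23-08-2010"  (HHMM_DD-MM-YYYY)
_LOG_CREATED_RE = re.compile(r"Log Created On:\s*(\d{2})(\d{2})_(\d{2})-(\d{2})-(\d{4})")

SAMPLE_WVCHECK = """\
Windows Validation Check
Version: 1.8.8.3
Log Created On: 1027_23-08-2010
Last Success Time for Update Detection: 2010-08-22 18:01:28
Last Success Time for Update Download: 2010-08-11 00:51:40
Last Success Time for Update Installation: 2009-10-01 04:25:11
"""


def parse_timestamps(log_text):
    """Return {stage: datetime} for every LastSuccessTime found in WVCheck or OTL output."""
    found = {}
    for line in log_text.splitlines():
        m = _WVCHECK_RE.search(line)
        if m:
            found[_WVCHECK_STAGE[m.group(1)]] = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
            continue
        m = _OTL_RE.search(line)
        if m:
            found[m.group(1)] = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
    return found


def parse_log_created(log_text):
    """Use WVCheck's own header as 'now', so ages are as of the scan, not of today."""
    m = _LOG_CREATED_RE.search(log_text)
    if not m:
        return None
    hh, mm, dd, mo, yyyy = (int(x) for x in m.groups())
    return datetime(yyyy, mo, dd, hh, mm)


def staleness(timestamps, now):
    """Whole days since each stage last succeeded; None for a stage that never recorded one."""
    return {s: (now - timestamps[s]).days if s in timestamps else None for s in STAGES}


def verdict(timestamps, now, threshold=STALE_AFTER):
    """'current' / 'stale-install' (detection works, nothing applied) / 'stale-all' / 'unknown'."""
    install = timestamps.get("Install")
    if install is None:
        return "unknown"
    if now - install <= threshold:
        return "current"
    detect = timestamps.get("Detect")
    if detect is not None and now - detect <= threshold:
        return "stale-install"
    return "stale-all"


def read_from_registry():
    """Windows only: read the same values live via the stdlib winreg module."""
    import winreg  # importable only on Windows
    found = {}
    for stage in STAGES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WU_RESULTS_KEY + "\\" + stage) as key:
                value, _ = winreg.QueryValueEx(key, "LastSuccessTime")
                found[stage] = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
        except OSError:
            pass  # stage never succeeded, or the key is absent on this Windows version
    return found


if __name__ == "__main__":
    ts = parse_timestamps(SAMPLE_WVCHECK)
    now = parse_log_created(SAMPLE_WVCHECK)
    for stage, days in staleness(ts, now).items():
        print("%-8s last success %s days before the scan" % (stage, days))
    print("verdict:", verdict(ts, now))
```

On the thread's own numbers the script reports Detect 0 days, Download 12 days and Install 326 days old, and a "stale-install" verdict, which matches the helper's question in the next post: the client is finding and downloading updates, they are just never being installed.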

#4 Rorschach112 (Retired Staff)
Why haven't you installed a Windows update in over a year?

#5 Tylinos (Topic Starter)
To do that, I have to restart or shut down my computer, and I don't like having to do that unless I really have to, because it takes a while. (I put it in hibernation every day instead of shutting it down.) I know, it's a bad thing to not install Windows updates for so long. I just don't like having my computer take so long to shut down and start up.

Edited by Tylinos, 23 August 2010 - 03:06 PM.


#6 Rorschach112 (Retired Staff)
How long does it take to shut down and reboot? Our fix will force a reboot, so you may as well install the latest Windows updates from here:

http://windowsupdate.microsoft.com/




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/08/15 13:35:54 | 003,124,187 | R--- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\abcd.exe
    [2009/08/15 11:54:18 | 003,124,187 | R--- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\Combo-Fix.exe
    [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\gmer.exe
    [2009/08/15 14:31:03 | 000,102,148 | ---- | M] () -- C:\Documents and Settings\Tyler Thomas\Desktop\SystemLook.exe
    [2009/07/19 04:52:09 | 000,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Thomas\Desktop\TFC.exe
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


#7 Tylinos (Topic Starter)
It normally doesn't take way too long, but hibernation is just much faster for shutdown and startup. Anyway, I installed the updates as you asked (it took hours, though that's my fault for putting off so many updates), and did the OTL run. The problem's still as bad as before, though I guess that's expected. Log is below.

All processes killed
========== OTL ==========
C:\Documents and Settings\Tyler Thomas\Desktop\abcd.exe moved successfully.
C:\Documents and Settings\Tyler Thomas\Desktop\Combo-Fix.exe moved successfully.
C:\Documents and Settings\Tyler Thomas\Desktop\gmer.exe moved successfully.
C:\Documents and Settings\Tyler Thomas\Desktop\SystemLook.exe moved successfully.
C:\Documents and Settings\Tyler Thomas\Desktop\TFC.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Tyler Thomas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tyler Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tyler Thomas
->Temp folder emptied: 55826638 bytes
->Temporary Internet Files folder emptied: 1391922 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82938835 bytes
->Flash cache emptied: 1072338 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 10959872 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 263552 bytes
Windows Temp folder emptied: 76634 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12991326 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 158.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Tyler Thomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.10.0 log created on 08242010_171336

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 Rorschach112 (Retired Staff)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#9 Tylinos (Topic Starter)
When trying to check for updates for Malwarebytes, I'm unable to update it, as all that happens is that an error message shows up with Error code: 732 (0, 0).

I haven't updated Malwarebytes since late last year, so this is probably a problem. Should I still go through with it?

#10 Rorschach112 (Retired Staff)
Yeah, please.

#11 Tylinos (Topic Starter)
Kaspersky's giving me an error too. After installing the updates, the following message came up:

"Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Trial license cannot be installed as an active license [0x8004025D]]"

Trying again had the same result. I was unable to do anything with it.

#12 Rorschach112 (Retired Staff)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Then, will MBAM or Kaspersky work?
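The fix above touches the two local settings that most often stop security tools from updating when the rest of the network still works: the WinINet proxy values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (reset by the `"ProxyEnable" = 0` line) and the hosts file under %SystemRoot%\System32\drivers\etc (replaced by `[resethosts]`). A proxy pointed at a local port, or a hosts entry that pins a vendor's update host to 127.0.0.1 or to some other address, makes an updater fail without any other symptom. As an added example (not OTL's code and not something this thread ran), the following Python script checks both from plain text/dict input so it runs offline; the hosts-file sample, the proxy values and the vendor watchlist are constructed assumptions, and 203.0.113.5 is an address from the RFC 5737 documentation range, not a real server.

```python
"""Proxy and hosts-file hijack check (added example, not OTL's code).

SAMPLE_HOSTS, SAMPLE_PROXY and WATCHLIST are constructed for this example.
"""
import ipaddress

# Real HKCU key the OTL fix line resets (ProxyEnable / ProxyServer / AutoConfigURL).
IE_SETTINGS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Assumed watchlist: hosts an updater must reach.  Any hosts-file entry for one
# of these (or a subdomain) is suspicious whatever address it maps to.
WATCHLIST = ("malwarebytes.org", "kaspersky.com", "windowsupdate.com", "microsoft.com")
LOOPBACK = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

SAMPLE_HOSTS = """\
# constructed sample, not this machine's real hosts file
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       update.kaspersky.com
203.0.113.5     windowsupdate.microsoft.com   # 203.0.113.0/24 is a documentation range
127.0.0.1       ads.example.net
"""
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080", "AutoConfigURL": ""}


def check_proxy(settings):
    """`settings` mirrors the HKCU Internet Settings values; returns a list of findings."""
    findings = []
    if settings.get("ProxyEnable", 0) == 1:
        findings.append("ProxyEnable=1, traffic routed via %r" % settings.get("ProxyServer", ""))
    if settings.get("AutoConfigURL"):
        findings.append("AutoConfigURL set: %s" % settings["AutoConfigURL"])
    return findings


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for each active mapping; comments and junk are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: malformed line, ignore
        for host in parts[1:]:
            yield ip, host.lower(), n


def check_hosts(text, watchlist=WATCHLIST):
    """Flag watchlisted vendor hosts (any address) and any non-loopback redirect.
    Plain ad-block style entries (unknown host -> 127.0.0.1) are left alone."""
    findings = []
    for ip, host, n in parse_hosts(text):
        if host in ("localhost", "localhost.localdomain") and ip in LOOPBACK:
            continue
        if any(host == w or host.endswith("." + w) for w in watchlist):
            findings.append("line %d: %s -> %s (watchlisted vendor host)" % (n, host, ip))
        elif ip not in LOOPBACK:
            findings.append("line %d: %s -> %s (non-loopback address, possible redirect)" % (n, host, ip))
    return findings


def read_ie_proxy_settings():
    """Windows only: read the live values via the stdlib winreg module."""
    import winreg  # importable only on Windows
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_SETTINGS_KEY) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:
                pass  # value not present
    return out


if __name__ == "__main__":
    for f in check_proxy(SAMPLE_PROXY) + check_hosts(SAMPLE_HOSTS):
        print("FINDING:", f)
```

On a live XP box, feed `read_ie_proxy_settings()` to `check_proxy` and the contents of %SystemRoot%\System32\drivers\etc\hosts to `check_hosts`; a clean default hosts file (just `127.0.0.1 localhost`) and `ProxyEnable=0` produce no findings.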

#13 Tylinos (Topic Starter)
No luck. Same thing as before happened with both.

Edited by Tylinos, 24 August 2010 - 06:32 PM.


#14 Tylinos (Topic Starter)

1. Are pages opening atrociously slowly?
2. In Task Manager I know your RAM is running mostly red; what about the graphs for CPU, or even the numbers underneath? Is the graph blank?
3. Do you know that Microsoft updates so regularly now they call it Patch Tuesday?

1. Generally no. It's the computer itself that's being incredibly slow, not the internet.

2. The memory usage is fine, but the CPU % being used is what the problem is.

#15 Rorschach112 (Retired Staff)
Ignore those posts; he shouldn't be posting here.

How is the PC running besides that?