One million tries later, hopefully this posts


#16 phedup (Member, Topic Starter, 48 posts)
Thank you sooo much, I appreciate your time invested!!! Talk to you soon!!!!


#17 havredave (GeekU Moderator, 1,711 posts)
You're quite welcome. That's what we're here for. :)

We'll have to dig just a little deeper to find out what the infections were that you had prior to posting here, but first, I'd like to help you stabilize the machine so we can more easily dig.
  • First, please open Add/Remove Programs in your Control Panel, and remove the following. For information as to why, read here:

    Advanced SystemCare 4
  • Next, I'd like you to download AppRemover and run it.

    Click Next >>

    Ensure "Remove Security Application" is selected and click Next >>

    AppRemover will scan all the security applications on your PC

    Select any AVG, Norton or Avira entries from the applications offered and click Next >> twice.

    Follow any further on-screen instructions. If asked to reboot, please do so.
  • Finally, a warning about CCleaner: While it is a great little temporary file cleaning program, it has a registry cleaning function that should not be used. In fact, all registry cleaners/optimisers should be avoided.
Also, do you intentionally have your homepage in Internet Explorer set to startsearcher? If not, what would you prefer it to be?

Please post back with your thoughts on your homepage, and your experiences with these instructions. Any difficulties at all?

#18 phedup (Member, Topic Starter, 48 posts)
Hi there,
I went straight to Add/Remove and ditched Advanced SystemCare. I had no idea that was a baddie, but it's gone now (gotta get it off my laptop too). As far as AppRemover, I downloaded, ran and scanned; it did not find ANY AVG or Avira. I even did the "deeper" scan to find "traces" left from bad uninstalls, and came up with nothing. I did a search using my PC's search button and it found a few files, should I delete them??

As far as the startsearcher business, I don't have any idea where in the heck that came from. I don't prefer it, and usually have to go around it; it has a redirect feel to it. Oh, btw, when I had done Spybot before it found clickgift.load or something, and I was dealing with a lot of redirects, was that the rootkit???
But I really would like to know this............

When I did all the scans and logs I was in safe mode logged in as "administrator". I normally do NOT use the PC as "administrator" as it is only available in safe mode; I as well as my family use "monica". Does it matter that the scans I have provided were not done using "monica", the likely account that picked up the "ick"?? When I tried to find the ComboFix log I could only get to it from the administrator side, but the OTR was on "monica" and I couldn't get to it from "administrator", which surprised me because I thought "administrator" would have access to all things PC..... hope you're still following me and not slamming your head against your desk.
Thanks again!!!!

#19 havredave (GeekU Moderator, 1,711 posts)
Interesting that AppRemover didn't find anything to remove. I sure did, just from the scans you gave me. I'll talk with my resident expert and help you remove those. The bits that are left behind can still cause performance and protection grief.

The other issues we can handle soon as well, but I'm afraid it's going to take me into tomorrow to get a game-plan together for you. I'm sorry for the delay, but I actually have a pretty short window of activity per day due to time zone differences between myself and my expert, and I got up rather late today. :unsure:

In the meantime, it's pretty easy to find out if your account is an administrative one or not by going into your Control Panel, opening the User Accounts tool, and simply glancing at the listed accounts. It'll tell you whether an account is administrative or limited access. Yes, we do need to do most of this from an administrator account, which the monica account is. :)

I expect your difficulty in finding things between the "monica" and "administrator" accounts was due to them not sharing a desktop. That is to say that each account on your machine has its own desktop and individual user files. You would have had to navigate to the other user's desktop to find the files you were after.

Yes, redirects could very well have been from the rootkit, but we have a bit of digging left to do.

Anyway, I should be talking to you tomorrow. Have a great rest of your weekend!

#20 havredave (GeekU Moderator, 1,711 posts)
Happy Monday!

Please boot the machine into normal mode, with your normal user account. Open OTL (You can download a fresh one here), and paste the following into its "Custom Scans/Fixes" box, then click the "Run Scan" button. Please post back with the resulting scan.

:Files
C:\Qoobox\*.* /S

I'll look forward to your next post - also, please let me know how the machine is running, if you'd be so kind.

P.S.: Sorry it took so long to post this. I missed a notifier from my resident expert due to my Internet connectivity being trashy today :)
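
An added example, not from this thread, from OTL's author or from the helper above: a small Python triage script for the log format OTL produces, run over constructed sample lines modelled on that format. It flags service or driver registrations whose binary is gone, security-vendor components that do not belong to the antivirus actually running, and the Internet Explorer start-page values, which is the kind of leftover and hijack the helper is looking for. The vendor table and sample lines are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample lines in OTL's log format (assumed; not a real log).
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.norwichbulletin.com/
"""

# Full entry: "SRV - [stamp] (Company) [start | state] -- path -- (Name) optional description"
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\).*$")
# Orphaned entry: the registration still exists but OTL could not find its binary
ORPHAN_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)\s*$")
START_PAGE_RE = re.compile(r"^IE - (?P<hive>HKLM|HKCU)\\.*\\Main,Start Page = (?P<url>\S+)\s*$")

# Assumed vendor table: lowercase fragment of OTL's company string -> product label.
AV_VENDORS = {"avast": "avast!", "avg": "AVG", "symantec": "Norton/Symantec", "avira": "Avira"}


@dataclass
class Entry:
    kind: str                    # "SRV" (Win32 service) or "DRV" (driver)
    name: str
    state: str                   # e.g. "Auto | Running", "Disabled | Stopped"
    company: str = ""
    path: Optional[str] = None   # None when OTL reported "File not found"


def vendor_of(company: str) -> Optional[str]:
    """Map OTL's company string to a known security-product vendor, if any."""
    low = company.lower()
    for fragment, label in AV_VENDORS.items():
        if fragment in low:
            return label
    return None


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["state"], m["company"], m["path"]))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["state"]))
    return entries


def parse_start_pages(text: str) -> List[Dict[str, str]]:
    pages = []
    for line in text.splitlines():
        m = START_PAGE_RE.match(line)
        if m:
            pages.append({"hive": m["hive"], "url": m["url"]})
    return pages


def active_vendors(entries: List[Entry]) -> Set[str]:
    # A vendor with a Win32 service actually running is the product meant to be installed.
    active: Set[str] = set()
    for e in entries:
        vendor = vendor_of(e.company)
        if e.kind == "SRV" and vendor and "Running" in e.state:
            active.add(vendor)
    return active


def triage(text: str) -> Dict[str, list]:
    # Orphans: registration without a binary. Leftovers: components of a security
    # vendor that is not the running antivirus (e.g. old AVG/Norton bits).
    entries = parse_entries(text)
    active = active_vendors(entries)
    orphaned = [e for e in entries if e.path is None]
    leftover = [e for e in entries
                if e.path is not None and vendor_of(e.company) and vendor_of(e.company) not in active]
    return {"active": sorted(active), "orphaned": orphaned,
            "leftover": leftover, "start_pages": parse_start_pages(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Running antivirus:", ", ".join(result["active"]) or "none detected")
    for e in result["orphaned"]:
        print(f"ORPHAN   {e.kind} {e.name}: registered but binary missing [{e.state}]")
    for e in result["leftover"]:
        print(f"LEFTOVER {e.kind} {e.name}: {vendor_of(e.company)} component at {e.path} [{e.state}]")
    for p in result["start_pages"]:
        print(f"STARTPAGE {p['hive']}: {p['url']}")
```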

#21 phedup (Member, Topic Starter, 48 posts)
Good Tuesday!!! Don't sweat the timeframe getting back to me; luckily I have a laptop, so this POS machine is not my only option.
Here's the scan log:

OTL logfile created on: 5/17/2011 6:19:16 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 20.00 Gb Free Space | 53.75% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2011/04/26 21:14:27 | 003,261,440 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/25 23:13:16 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\povrtdev.sys -- (msvad_simple)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.norwichbulletin.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 20:37:49 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/06 11:09:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/01 11:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 10:38:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 10:38:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 10:38:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 10:38:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/30 20:27:40 | 013,007,304 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\monica\Desktop\windows-kb890830-v3.18.exe
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\SUPERAntiSpyware.com
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/28 13:19:41 | 030,459,048 | ---- | C] (IObit ) -- C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 21:15:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 06:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 06:13:11 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/17 06:13:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/17 06:12:54 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/17 06:12:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/17 06:12:24 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 22:13:28 | 000,365,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 22:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 20:41:58 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/14 15:00:58 | 000,449,146 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/14 15:00:58 | 000,075,164 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/14 14:40:37 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/05/14 14:40:11 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/13 10:56:48 | 000,302,080 | ---- | M] () -- C:\5nogpdsv.exe
[2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/06 10:30:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 14:01:31 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2011/05/05 13:27:43 | 000,000,111 | ---- | M] () -- C:\password.klc
[2011/05/05 13:26:29 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:27:45 | 013,007,304 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\monica\Desktop\windows-kb890830-v3.18.exe
[2011/04/28 13:19:51 | 030,459,048 | ---- | M] (IObit ) -- C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
[2011/04/27 11:51:50 | 000,001,193 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\NEW BROTHER PE-770 PE770 EMBROIDERY SEWING MACHINE eBay.url
[2011/04/27 09:40:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/26 21:15:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/26 14:57:55 | 000,003,450 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2011/04/23 14:51:12 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\YouTube - Mel shark tooth hunting 7-24-10, megalodon teeth.url
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 10:24:27 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 10:54:51 | 000,302,080 | ---- | C] () -- C:\5nogpdsv.exe
[2011/05/05 13:27:43 | 000,000,111 | ---- | C] () -- C:\password.klc
[2011/05/01 10:38:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 10:38:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 10:38:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 10:38:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 10:38:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 10:29:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 19:43:03 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 13:46:15 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/04/26 06:13:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 10:00:39 | 000,001,193 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\NEW BROTHER PE-770 PE770 EMBROIDERY SEWING MACHINE eBay.url
[2011/04/23 09:57:32 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/14 23:10:26 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/14 23:10:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/04 11:39:48 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 22:18:38 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/15 22:18:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/11/13 09:22:38 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
[2006/05/05 20:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/28 12:40:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/25 11:10:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/07 18:52:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/08/06 13:25:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/09 03:15:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe_A4M
[2004/07/08 15:15:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2004/04/25 13:24:07 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/16 17:30:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
[2004/03/18 19:37:38 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:23:39 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/31 20:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/22 22:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\ssdlc.dat
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/06/10 20:54:44 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/05 18:22:11 | 000,000,405 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/04/04 15:46:20 | 000,011,692 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 13:25:08 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/04/02 22:11:25 | 000,022,016 | ---- | C] () -- C:\WINDOWS\tstnet.exe
[2002/04/02 22:11:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\NetworkTest.exe
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:56:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:49:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:53:56 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:39:06 | 000,449,146 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2001/11/15 09:39:06 | 000,075,164 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2001/11/15 09:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 09:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 17:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/08/23 17:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 15:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< :Files >

< C:\Qoobox\*.* /S >
[2011/05/01 11:07:24 | 000,012,952 | ---- | M] () -- C:\Qoobox\Add-Remove Programs.txt
[2011/05/01 11:08:20 | 000,000,940 | ---- | M] () -- C:\Qoobox\ComboFix-quarantined-files.txt
[2011/05/01 11:05:37 | 001,724,139 | ---- | M] () -- C:\Qoobox\[email protected]_15.03.21.dat
[2011/05/01 10:40:36 | 000,000,238 | ---- | M] () -- C:\Qoobox\BackEnv\AppData.folder.dat
[2011/05/01 10:40:45 | 000,000,258 | ---- | M] () -- C:\Qoobox\BackEnv\Cache.folder.dat
[2011/05/01 10:40:37 | 000,000,112 | ---- | M] () -- C:\Qoobox\BackEnv\Cookies.folder.dat
[2011/05/01 10:40:37 | 000,000,159 | ---- | M] () -- C:\Qoobox\BackEnv\Desktop.folder.dat
[2011/05/01 10:40:38 | 000,000,165 | ---- | M] () -- C:\Qoobox\BackEnv\Favorites.folder.dat
[2011/05/01 10:40:38 | 000,000,142 | ---- | M] () -- C:\Qoobox\BackEnv\History.folder.dat
[2011/05/01 10:40:39 | 000,000,294 | ---- | M] () -- C:\Qoobox\BackEnv\LocalAppData.folder.dat
[2011/05/01 10:40:40 | 000,000,235 | ---- | M] () -- C:\Qoobox\BackEnv\LocalSettings.folder.dat
[2011/05/01 10:40:40 | 000,000,162 | ---- | M] () -- C:\Qoobox\BackEnv\Personal.folder.dat
[2011/05/01 10:40:41 | 000,000,060 | ---- | M] () -- C:\Qoobox\BackEnv\Pictures.folder.dat
[2011/05/01 10:40:41 | 000,000,045 | ---- | M] () -- C:\Qoobox\BackEnv\PrintHood.folder.dat
[2011/05/01 10:40:35 | 000,000,532 | ---- | M] () -- C:\Qoobox\BackEnv\Profiles.Folder.dat
[2011/05/01 10:40:41 | 000,000,785 | ---- | M] () -- C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
[2011/05/01 10:40:42 | 000,000,186 | ---- | M] () -- C:\Qoobox\BackEnv\Programs.folder.dat
[2011/05/01 10:40:43 | 000,000,101 | ---- | M] () -- C:\Qoobox\BackEnv\Recent.folder.dat
[2011/05/01 10:40:43 | 000,000,042 | ---- | M] () -- C:\Qoobox\BackEnv\SendTo.folder.dat
[2011/05/01 10:39:49 | 000,004,902 | ---- | M] () -- C:\Qoobox\BackEnv\SetPath.bat
[2011/05/01 10:40:44 | 000,000,159 | ---- | M] () -- C:\Qoobox\BackEnv\StartMenu.folder.dat
[2011/05/01 10:40:44 | 000,000,210 | ---- | M] () -- C:\Qoobox\BackEnv\StartUp.folder.dat
[2011/05/01 10:39:44 | 000,001,650 | ---- | M] () -- C:\Qoobox\BackEnv\SysPath.dat
[2011/05/01 10:40:45 | 000,000,156 | ---- | M] () -- C:\Qoobox\BackEnv\Templates.folder.dat
[2011/05/01 10:49:46 | 000,963,360 | ---- | M] () -- C:\Qoobox\BackEnv\VikPev00
[2011/05/01 11:25:05 | 000,000,204 | ---- | M] () -- C:\Qoobox\Quarantine\catchme.log
[2011/05/01 10:42:44 | 000,000,512 | ---- | M] () -- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
[2008/02/15 10:11:56 | 000,000,238 | ---- | M] () -- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Yahoo!\YOP\yop.html.vir
[2011/05/01 11:07:23 | 000,000,560 | ---- | M] () -- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Facetheme.reg.dat
[2011/05/01 11:05:56 | 000,000,132 | ---- | M] () -- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG8_TRAY.reg.dat
[2011/05/01 11:06:48 | 000,000,338 | ---- | M] () -- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-{F9F803E5-559F-4323-8962-1572E758FDA7}.reg.dat
[2011/05/01 10:59:47 | 000,010,729 | ---- | M] () -- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



I am still noticing a slow-moving PC in normal mode, probably all the extra junk on it, but that's a whole other repair for another time : )

Thanks again for helping me out. I will check back to see what the next step will be.
Talk to you soon

#22 havredave (GeekU Moderator, 1,711 posts)
The slow performance isn't too much of a surprise at this point. I'll be interested in hearing how it does after this. Alright, next step:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    :Services
    SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
    SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
    SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
    SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
    DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5768/mcfscan.cab (McFreeScan Class)
    
    :Files
    C:\Documents and Settings\Administrator.DJHCGB11\Desktop\OTL.exe|C:\Documents and Settings\monica\Desktop\OTL.exe /replace
    C:\Documents and Settings\Administrator.DJHCGB11\Desktop\ms sec.exe|C:\Documents and Settings\monica\Desktop\ms sec.exe /replace
    C:\5nogpdsv.exe
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.msn.com"
    
    :Commands
    [resethosts]
    [emptyflash]
    [createrestorepoint]
    [reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#23 phedup (Topic Starter, Member, 48 posts)
OK, I ran the fix, and when the system rebooted there was this log:

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named SRV - File not found [Disabled | Stopped] -- -- (navapsvc) was found to stop!
Service\Driver key SRV - File not found [Disabled | Stopped] -- -- (navapsvc) not found.
Error: No service named SRV - File not found [Disabled | Stopped] -- -- (avg8wd) was found to stop!
Service\Driver key SRV - File not found [Disabled | Stopped] -- -- (avg8wd) not found.
Error: No service named SRV - File not found [Disabled | Stopped] -- -- (avg8emc) was found to stop!
Service\Driver key SRV - File not found [Disabled | Stopped] -- -- (avg8emc) not found.
Error: No service named SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) was found to stop!
Service\Driver key SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) not found.
Error: No service named DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) was found to stop!
Service\Driver key DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) not found.
Error: No service named DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) was found to stop!
Service\Driver key DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) not found.
Error: No service named DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) was found to stop!
Service\Driver key DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) not found.
Error: No service named DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon) was found to stop!
Service\Driver key DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon) not found.
Error: No service named DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) was found to stop!
Service\Driver key DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) not found.
Error: No service named DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd) was found to stop!
Service\Driver key DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd) not found.
Error: No service named O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class) was found to stop!
Service\Driver key O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class) not found.
Error: No service named O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner) was found to stop!
Service\Driver key O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner) not found.
Error: No service named O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class) was found to stop!
Service\Driver key O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class) not found.
Error: No service named O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class) was found to stop!
Service\Driver key O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class) not found.
========== FILES ==========
Unable to replace file: C:\Documents and Settings\Administrator.DJHCGB11\Desktop\OTL.exe with C:\Documents and Settings\monica\Desktop\OTL.exe without a reboot.
File C:\Documents and Settings\monica\Desktop\ms sec.exe not found.
C:\5nogpdsv.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.msn.com" /E : value set successfully!
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: Administrator.DJHCGB11

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Jordan

User: LocalService
->Flash cache emptied: 3576 bytes

User: monica
->Flash cache emptied: 615 bytes

User: NetworkService
->Flash cache emptied: 10303 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_143911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Then I ran the quick scan, and this is the log you requested (sorry if you didn't need the first one):



OTL logfile created on: 5/17/2011 2:44:44 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 20.00 Gb Free Space | 53.73% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/25 23:13:16 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\povrtdev.sys -- (msvad_simple)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.norwichbulletin.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/17 14:39:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 14:39:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 20:37:49 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/06 11:09:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/01 11:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 10:38:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 10:38:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 10:38:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 10:38:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\SUPERAntiSpyware.com
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/28 13:19:41 | 030,459,048 | ---- | C] (IObit ) -- C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 21:15:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 06:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 14:42:19 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/17 14:42:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/17 14:42:12 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/17 14:41:51 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/17 14:41:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/17 14:41:25 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 14:39:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/17 14:36:51 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\One million tries later, hopefully this posts - Geeks to Go Forums.url
[2011/05/14 22:13:28 | 000,365,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 22:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 20:41:58 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/14 15:00:58 | 000,449,146 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/14 15:00:58 | 000,075,164 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/14 14:40:37 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/06 10:30:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 14:01:31 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2011/05/05 13:27:43 | 000,000,111 | ---- | M] () -- C:\password.klc
[2011/05/05 13:26:29 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 13:19:51 | 030,459,048 | ---- | M] (IObit ) -- C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
[2011/04/27 09:40:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/26 21:15:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/26 14:57:55 | 000,003,450 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 14:36:51 | 000,001,046 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\One million tries later, hopefully this posts - Geeks to Go Forums.url
[2011/05/16 10:24:27 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/05 13:27:43 | 000,000,111 | ---- | C] () -- C:\password.klc
[2011/05/01 10:38:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 10:38:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 10:38:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 10:38:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 10:38:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 10:29:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 19:43:03 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 13:46:15 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/04/26 06:13:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 09:57:32 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/14 23:10:26 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/14 23:10:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/04 11:39:48 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 22:18:38 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/15 22:18:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/11/13 09:22:38 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
[2006/05/05 20:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/28 12:40:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/25 11:10:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/07 18:52:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/08/06 13:25:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/09 03:15:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe_A4M
[2004/07/08 15:15:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2004/04/25 13:24:07 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/16 17:30:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
[2004/03/18 19:37:38 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:23:39 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/31 20:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/22 22:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\ssdlc.dat
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/06/10 20:54:44 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/05 18:22:11 | 000,000,405 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/04/04 15:46:20 | 000,011,692 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 13:25:08 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/04/02 22:11:25 | 000,022,016 | ---- | C] () -- C:\WINDOWS\tstnet.exe
[2002/04/02 22:11:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\NetworkTest.exe
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:56:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:49:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:53:56 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:39:06 | 000,449,146 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2001/11/15 09:39:06 | 000,075,164 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2001/11/15 09:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 09:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 17:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/08/23 17:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 15:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/07/31 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/01 10:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2006/02/27 13:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/02/27 09:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(2)
[2006/02/27 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(3)
[2008/06/20 13:39:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/10/17 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2011/02/15 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/02/16 08:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2005/09/27 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetVeda
[2006/02/25 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/03/14 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/11/13 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2011/04/30 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/23 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/10/19 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Aim
[2009/11/20 22:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\AVGTOOLBAR
[2010/10/15 10:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
[2005/05/01 02:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\EPSON
[2003/11/15 00:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\FUJIFILM
[2006/04/26 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ICAClient
[2010/11/18 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Image Zone Express
[2002/04/05 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\InterTrust
[2011/04/28 13:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\IObit
[2004/01/17 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Kontiki
[2004/02/26 21:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Leadertech
[2007/03/11 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Musicmatch
[2010/08/27 15:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Preclick
[2010/06/07 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Printer Info Cache
[2005/08/10 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Registry Defender
[2007/07/19 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Snapfish
[2008/02/13 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\TrueSwitch
[2007/04/03 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
[2011/05/17 14:41:51 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation

< End of report >

Let me know what's next... thank you

#24
havredave
    GeekU Moderator
  • 1,711 posts
I did need both logs; you did it perfectly. :)

Part of what I tried to do with that last fix didn't work right, but it's not because of anything you did. I'll go from a different angle soon - off to chat with my expert!

#25
havredave
    GeekU Moderator
  • 1,711 posts
I'm going to do a little more digging, to see if there was something specific keeping our last script from working correctly.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO, and make note of any file names or other information marked in red.
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#26 phedup (Topic Starter, Member, 48 posts)
OK, I will give that a try, but I must tell you I am growing increasingly sick of this computer, and am beginning to feel that it will be in the scrap heap soon.

Each time I finish scanning and posting I disconnect it from the internet and leave it. Each time I go back I find it has gone to a black screen and cannot come out of whatever state it is in, so I end up having to cold boot, and after a couple of times of doing that it starts doing the same thing it was doing 8 months or so ago, where it gives beep codes (possibly HD failure codes) and refuses to start, so I have to cold boot repeatedly until it starts. There is a thread on here from when this happened back in July, I believe.
Well, enough whining. I will attempt to get it up and running to scan and post and will let you know the outcome, but in the meantime, and for the sake of my sanity, can you recommend a computer? How are Macs? Besides expensive (lol).

Edited by phedup, 18 May 2011 - 02:59 PM.

  • 0

#27 havredave (GeekU Moderator, 1,711 posts)
For the issue you're having with coming back to a black screen, has anyone walked you through disabling power-saving modes? It sounds like your machine is going into sleep mode and isn't accepting input to come back out. Simply turning off hibernation and other settings can alleviate that problem in many cases, since sleep mode can be a little flaky depending on the machine. Of course it leaves you in the position of having to manually turn the computer off when you're away from it for a long time, or at least the monitor. That's what I do at home, usually. I leave my computer running when I'm going to be back at it in less than 5 hours or so, and I turn off the monitor. I do not have any power saving settings running, and I do not have issues with the machine not responding when I come back.

If you'd like help with disabling those settings, let me know.

Of course its problem may be something else, and it would be a reasonable idea to look at that as well, while we're here. It doesn't help much to fight a hardware issue while we're fighting malware as well. For the time being, I'll let you know whether it's ok to shut the machine down or not, after each scan. In most cases, it is.

As far as Mac is concerned, I think their hardware is decent and their operating system is not bad, but there are issues with getting support, software and hardware for them. Unless you live in an area with good coverage by one or more Apple stores, I honestly wouldn't recommend it, but that's just my opinion.
  • 0

#28 phedup (Topic Starter, Member, 48 posts)
Well, I downloaded, unzipped and ran the scan, but the scan stopped (froze) after about 2 hours. I then tried to scan again, but soon after it began I was rewarded with two error messages: first was a GMER message, "insufficient system resources exist to complete requested service", and when trying to close that message, a Windows message, "windows delayed write failed", "unable to save all data for the file", etc. etc.,
and lastly, when successfully closing them both (they kept looping), I got the grand prize of a blue screen, KERNEL_DATA_INPAGE_ERROR... etc. I guess this machine is not liking any of the probing. I will attempt to reboot (probably will get a lot of beeps after this) and try to scan again. Let me know if I should take that trip to the freeway.
  • 0

#29 havredave (GeekU Moderator, 1,711 posts)
Alright, time for me to run more past my expert helper. I think I know what's going on, but not quite positive how I'll tackle it yet.

Do the hibernation/sleep/power-saving issues sound like something you changed when you were working on the problem months ago?

In the meantime, don't worry about running GMER until later. I have something else for you to try now. :)

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0
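aswMBR, recommended above, reads the disk's master boot record and looks for code that should not be there. As an added example, not part of this thread and not aswMBR's own code, the following Python parses a 512-byte MBR sector into its fields (bootstrap code, disk signature, the four partition entries, the 0x55AA boot signature) and compares the bootstrap code against a known-good hash, which is the shape of a baseline check. The two sectors it examines are constructed inline: a "clean" one built around a stand-in boot stub, and a copy in which only the code region differs while the partition table and signature are left intact, so the machine would still boot. The stub bytes, the disk signature and the partition layout are made up for the example; the baseline hash is derived from the constructed sector and is nothing to compare a real disk against.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOT_SIG = b"\x55\xaa"
CODE_LEN = 440      # bytes 0..439 bootstrap code, 440..443 disk signature, 446..509 partition table, 510..511 0x55AA
TABLE_OFF = 446


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool      # status byte 0x80
    type_id: int        # e.g. 0x07 = NTFS/IFS
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Split a raw MBR sector into its fields; raises on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Partition] = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sector count(4 LE)
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype != 0:                       # type 0 marks an empty slot
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": parts,
    }


def check_mbr(sector: bytes, baseline_code_sha256: str) -> List[str]:
    """Findings a scanner would raise: code drift from the baseline, odd active-partition count, overlaps."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if info["code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline (possible MBR bootkit or other modification)")
    active = [p for p in info["partitions"] if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in info["partitions"])
    for (a0, a1), (b0, _b1) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append("overlapping partition entries")
            break
    return findings


def build_mbr(code: bytes, disk_sig: int, parts: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from a code stub, a disk signature and (bootable, type, lba, sectors) tuples."""
    assert len(code) <= CODE_LEN and len(parts) <= 4
    buf = bytearray(SECTOR_SIZE)
    buf[:len(code)] = code
    struct.pack_into("<I", buf, 440, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3sB3sII", buf, TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed data for the example: not real Windows boot code, not a real disk.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xeb\xfe"   # cli; xor ax,ax; mov ss,ax; mov sp,0x7c00; jmp $
HOOKED_CODE = b"\xea\x00\x00\x00\x7e" + CLEAN_CODE[5:]     # same length, code region altered; bytes are arbitrary
SAMPLE_PARTS = [(True, 0x07, 63, 20_000_000), (False, 0x07, 20_000_063, 10_000_000)]
DISK_SIG = 0x1234ABCD
CLEAN_MBR = build_mbr(CLEAN_CODE, DISK_SIG, SAMPLE_PARTS)
HOOKED_MBR = build_mbr(HOOKED_CODE, DISK_SIG, SAMPLE_PARTS)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["code_sha256"]      # stands in for a hash taken while the disk was known clean


def demo() -> Dict[str, List[str]]:
    return {"clean": check_mbr(CLEAN_MBR, BASELINE_SHA256),
            "hooked": check_mbr(HOOKED_MBR, BASELINE_SHA256)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["no findings"])
```

The point the hooked sector makes is that the 0x55AA signature and a sane partition table prove nothing on their own, since a modified boot record keeps both so the system still starts; only the code region tells the two apart. On a real machine the sector would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run from an elevated prompt, and the baseline hash would have to come from the same disk when it was known clean or from a trusted reference, which this example does not supply.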

#30 phedup (Topic Starter, Member, 48 posts)
OK, rebooted, no beeping, what a shock. It took a lot longer to load Windows. Opened up and restarted the GMER scan, went upstairs, went back to check and had a blue screen again; this time it said DRIVER_IRQL_NOT_LESS_OR_EQUAL and a bunch of other stuff.
Should I be trying to run this scan in safe mode?
Will wait to hear from you as to my next move, and will wait to load the PC into the car for the "drop". LOL
  • 0