One million tries later, hopefully this posts


  • This topic is locked

#31
phedup

    Member

  • Topic Starter
  • 48 posts
Good afternoon,

To answer the question about the sleep/hibernation thing, that just started with the latest fixes. The beeping, unable to start the PC for multiple tries sporadically, has been on and off for 8 - 9 months. I have been "tolerating" it because I thought it was a possible failing hard drive, so I continued to use the PC until it failed completely. What led me to these latest pleas for assistance is the redirects and slowness, and in the back of my mind I wonder if a virus could cause the PC not to start. But anyway, here's the log you requested... keep me posted on what you find. Thank you.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 15:55:04
-----------------------------
15:55:04.828 OS Version: Windows 5.1.2600 Service Pack 3
15:55:04.828 Number of processors: 1 586 0x102
15:55:04.828 ComputerName: DJHCGB11 UserName: monica
15:55:06.015 Initialize success
15:55:07.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:55:07.781 Disk 0 Vendor: WDC_WD400BB-75CAA0 16.06V16 Size: 38146MB BusType: 3
15:55:07.796 Disk 0 MBR read successfully
15:55:07.796 Disk 0 MBR scan
15:55:07.812 Disk 0 Windows XP default MBR code
15:55:07.812 Disk 0 scanning sectors +78108030
15:55:07.890 Disk 0 scanning C:\WINDOWS\system32\drivers
15:55:27.078 Service scanning
15:55:32.953 Disk 0 trace - called modules:
15:55:32.968 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
15:55:32.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8376fab8]
15:55:32.984 3 CLASSPNP.SYS[f8776fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8376c890]
15:55:32.984 Scan finished successfully
15:55:49.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\monica\Desktop\MBR.dat"
15:55:49.359 The log file has been saved successfully to "C:\Documents and Settings\monica\Desktop\aswMBR.txt"
#32
havredave

    GeekU Moderator

  • 1,711 posts
Yes, an infection can definitely keep a machine from booting properly. However, your description of beeps sounds to me like POST beep codes. A few beeps is quite normal, but if they're in some sort of pattern (long short short, for example), they often mean something specific.

POST is the power-on self test, and happens long before the part of the boot process that a normal virus could touch. Often I'll see machines that give me POST beeps, but just stop with no activity after that, other than fans spinning and such. There are a lot of possibilities there, most of which I'd recommend a professional repair shop to diagnose. There's just too much that could go wrong unless you know what you're doing inside a computer's case.

The aswMBR scan looks good to me, so we'll try going back to that OTL fix, but modified a little bit. Please do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
    SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
    SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
    SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
    DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5768/mcfscan.cab (McFreeScan Class)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    
    :Files
    C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
    C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    C:\Documents and Settings\All Users\Application Data\IObit
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\monica\Application Data\AVGTOOLBAR
    C:\Documents and Settings\monica\Application Data\IObit
    
    :Commands
    [createrestorepoint]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#33
phedup

    Member

  • Topic Starter
  • 48 posts
Hi, I ran it. It did not reboot; only a box popped up that said fix complete. This log was produced:


Error: Unable to interpret <SRV - File not found [Disabled | Stopped] -- -- (navapsvc) > in the current context!
Error: Unable to interpret <SRV - File not found [Disabled | Stopped] -- -- (avg8wd) > in the current context!
Error: Unable to interpret <SRV - File not found [Disabled | Stopped] -- -- (avg8emc) > in the current context!
Error: Unable to interpret <SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) > in the current context!
Error: Unable to interpret <DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) > in the current context!
Error: Unable to interpret <DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) > in the current context!
Error: Unable to interpret <DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) > in the current context!
Error: Unable to interpret <DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon) > in the current context!
Error: Unable to interpret <DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) > in the current context!
Error: Unable to interpret <DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd) > in the current context!
Error: Unable to interpret <O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class) > in the current context!
Error: Unable to interpret <O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner) > in the current context!
Error: Unable to interpret <O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class) > in the current context!
Error: Unable to interpret <O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class) > in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found > in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) > in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com > in the current context!
Error: Unable to interpret < > in the current context!
========== FILES ==========
C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe moved successfully.
C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\monica\Application Data\AVGTOOLBAR\NewCfg folder moved successfully.
C:\Documents and Settings\monica\Application Data\AVGTOOLBAR folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\SmartRAM folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\DiskCleaner\backup folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\DiskCleaner folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced Uninsataller\log folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced Uninsataller folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\monica\Application Data\IObit folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_180751

I then ran the Quick Scan, and here is the log that it produced:

OTL logfile created on: 5/19/2011 6:09:21 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 229.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.75 Gb Free Space | 53.06% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/25 23:13:16 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\povrtdev.sys -- (msvad_simple)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.norwichbulletin.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/17 14:39:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 15:54:47 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
[2011/05/19 12:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\gmer
[2011/05/17 14:39:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 20:37:49 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/06 11:09:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/01 11:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 10:38:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 10:38:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 10:38:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 10:38:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\SUPERAntiSpyware.com
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 21:15:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 06:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/19 16:23:21 | 000,001,099 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\One million tries later, hopefully this posts - Geeks to Go Forums - Page 3.url
[2011/05/19 15:55:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\MBR.dat
[2011/05/19 15:54:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
[2011/05/19 15:50:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/19 15:50:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/19 15:50:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/19 15:15:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/19 15:15:37 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 12:35:58 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\gmer.zip
[2011/05/17 14:39:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/14 22:13:28 | 000,365,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 22:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 20:41:58 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/14 15:00:58 | 000,449,146 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/14 15:00:58 | 000,075,164 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/14 14:40:37 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/06 10:30:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 14:01:31 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2011/05/05 13:27:43 | 000,000,111 | ---- | M] () -- C:\password.klc
[2011/05/05 13:26:29 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\gmer.exe
[2011/04/27 09:40:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/26 21:15:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/26 14:57:55 | 000,003,450 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 16:23:21 | 000,001,099 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\One million tries later, hopefully this posts - Geeks to Go Forums - Page 3.url
[2011/05/19 15:55:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\MBR.dat
[2011/05/19 12:36:27 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\gmer.exe
[2011/05/16 10:24:27 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/05 13:27:43 | 000,000,111 | ---- | C] () -- C:\password.klc
[2011/05/01 10:38:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 10:38:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 10:38:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 10:38:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 10:38:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 10:29:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 19:43:03 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/26 06:13:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 09:57:32 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/14 23:10:26 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/14 23:10:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/04 11:39:48 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 22:18:38 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/15 22:18:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/11/13 09:22:38 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
[2006/05/05 20:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/28 12:40:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/25 11:10:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/07 18:52:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/08/06 13:25:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/09 03:15:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe_A4M
[2004/07/08 15:15:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2004/04/25 13:24:07 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/16 17:30:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
[2004/03/18 19:37:38 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:23:39 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/31 20:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/22 22:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\ssdlc.dat
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/06/10 20:54:44 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/05 18:22:11 | 000,000,405 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/04/04 15:46:20 | 000,011,692 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 13:25:08 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/04/02 22:11:25 | 000,022,016 | ---- | C] () -- C:\WINDOWS\tstnet.exe
[2002/04/02 22:11:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\NetworkTest.exe
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:56:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:49:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:53:56 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:39:06 | 000,449,146 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2001/11/15 09:39:06 | 000,075,164 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2001/11/15 09:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 09:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 17:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/08/23 17:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 15:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/07/31 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/02/27 13:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/02/27 09:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(2)
[2006/02/27 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(3)
[2008/06/20 13:39:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/10/17 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2011/02/16 08:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2005/09/27 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetVeda
[2006/02/25 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/03/14 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/11/13 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2011/04/30 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/10/19 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Aim
[2010/10/15 10:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
[2005/05/01 02:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\EPSON
[2003/11/15 00:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\FUJIFILM
[2006/04/26 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ICAClient
[2010/11/18 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Image Zone Express
[2002/04/05 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\InterTrust
[2004/01/17 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Kontiki
[2004/02/26 21:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Leadertech
[2007/03/11 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Musicmatch
[2010/08/27 15:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Preclick
[2010/06/07 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Printer Info Cache
[2005/08/10 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Registry Defender
[2007/07/19 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Snapfish
[2008/02/13 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\TrueSwitch
[2007/04/03 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation

< End of report >

#34
havredave

  • GeekU Moderator
  • 1,711 posts
It looks as if your copy/paste of the code in the box missed the :OTL at the top. Would you mind trying that run again, please?

That would include the quick scan, too. It's to see that our removal not only worked, but that our removal didn't make something else more obvious, so it is necessary. :)

#35
phedup

  • Topic Starter
  • Member
  • 48 posts
Oops, here I scanned again; hopefully it's all there. Again no reboot, just a message box saying fix complete. Two logs: the first one after the fix, then the second will be after the quick scan.

AFTER FIX:

========== OTL ==========
Service navapsvc stopped successfully!
Service navapsvc deleted successfully!
Service avg8wd stopped successfully!
Service avg8wd deleted successfully!
Service avg8emc stopped successfully!
Service avg8emc deleted successfully!
Service Symantec Core LC stopped successfully!
Service Symantec Core LC deleted successfully!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe moved successfully.
Service AvgLdx86 stopped successfully!
Service AvgLdx86 deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys moved successfully.
Service AvgMfx86 stopped successfully!
Service AvgMfx86 deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys moved successfully.
Error: Unable to stop service AvgTdiX!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys moved successfully.
Service CO_Mon stopped successfully!
Service CO_Mon deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys moved successfully.
Service SymEvent stopped successfully!
Service SymEvent deleted successfully!
C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys moved successfully.
Starting removal of ActiveX control {01012101-5E80-11D8-9E86-0007E96C65AE}
C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01012101-5E80-11D8-9E86-0007E96C65AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01012101-5E80-11D8-9E86-0007E96C65AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01012101-5E80-11D8-9E86-0007E96C65AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01012101-5E80-11D8-9E86-0007E96C65AE}\ not found.
Starting removal of ActiveX control {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
C:\WINDOWS\Downloaded Program Files\avsniff.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
C:\WINDOWS\Downloaded Program Files\CabSA.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Starting removal of ActiveX control {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
C:\WINDOWS\Downloaded Program Files\mcfscan.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
C:\WINDOWS\SYSTEM32\avgrsstx.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
========== FILES ==========
File\Folder C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe not found.
File\Folder C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job not found.
File\Folder C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found.
File\Folder C:\Documents and Settings\All Users\Application Data\IObit not found.
File\Folder C:\Documents and Settings\All Users\Application Data\Viewpoint not found.
File\Folder C:\Documents and Settings\monica\Application Data\AVGTOOLBAR not found.
File\Folder C:\Documents and Settings\monica\Application Data\IObit not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_110048


AFTER QUICKSCAN:
OTL logfile created on: 5/20/2011 11:04:18 AM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 203.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.60 Gb Free Space | 52.66% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/25 23:13:16 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (AvgTdiX)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\povrtdev.sys -- (msvad_simple)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/08/17 23:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.norwichbulletin.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/17 14:39:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 15:54:47 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
[2011/05/19 12:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\gmer
[2011/05/17 14:39:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 20:37:49 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/06 11:09:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/01 11:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 10:38:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 10:38:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 10:38:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 10:38:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\SUPERAntiSpyware.com
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 21:15:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 06:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/19 16:23:21 | 000,001,099 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\One million tries later, hopefully this posts - Geeks to Go Forums - Page 3.url
[2011/05/19 15:55:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\MBR.dat
[2011/05/19 15:54:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
[2011/05/19 15:50:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/19 15:50:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/19 15:50:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/19 15:15:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/19 15:15:37 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 12:35:58 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\gmer.zip
[2011/05/17 14:39:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/14 22:13:28 | 000,365,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 22:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 20:41:58 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\monica\Desktop\AppRemover.exe
[2011/05/14 15:00:58 | 000,449,146 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/14 15:00:58 | 000,075,164 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/14 14:40:37 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/06 10:30:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 14:01:31 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2011/05/05 13:27:43 | 000,000,111 | ---- | M] () -- C:\password.klc
[2011/05/05 13:26:29 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\gmer.exe
[2011/04/27 09:40:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/26 21:15:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/26 14:57:55 | 000,003,450 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 16:23:21 | 000,001,099 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\One million tries later, hopefully this posts - Geeks to Go Forums - Page 3.url
[2011/05/19 15:55:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\MBR.dat
[2011/05/19 12:36:27 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\gmer.exe
[2011/05/16 10:24:27 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/05 13:27:43 | 000,000,111 | ---- | C] () -- C:\password.klc
[2011/05/01 10:38:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 10:38:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 10:38:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 10:38:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 10:38:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/01 10:29:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 19:43:03 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/26 06:13:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 09:57:32 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/14 23:10:26 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/14 23:10:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/04 11:39:48 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/27 11:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 22:18:38 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/15 22:18:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/11/13 09:22:38 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
[2006/05/05 20:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/28 12:40:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/25 11:10:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/07 18:52:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/08/06 13:25:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/09 03:15:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe_A4M
[2004/07/08 15:15:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2004/04/25 13:24:07 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/16 17:30:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
[2004/03/18 19:37:38 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:23:39 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/31 20:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/22 22:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\ssdlc.dat
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/06/10 20:54:44 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/05 18:22:11 | 000,000,405 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/04/04 15:46:20 | 000,011,692 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 13:25:08 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/04/02 22:11:25 | 000,022,016 | ---- | C] () -- C:\WINDOWS\tstnet.exe
[2002/04/02 22:11:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\NetworkTest.exe
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:56:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:49:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:53:56 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:39:06 | 000,449,146 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2001/11/15 09:39:06 | 000,075,164 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2001/11/15 09:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 09:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 17:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/08/23 17:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 15:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/07/31 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/02/27 13:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/02/27 09:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(2)
[2006/02/27 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(3)
[2008/06/20 13:39:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/10/17 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2011/02/16 08:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2005/09/27 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetVeda
[2006/02/25 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/03/14 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/11/13 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2011/04/30 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/10/19 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Aim
[2010/10/15 10:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
[2005/05/01 02:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\EPSON
[2003/11/15 00:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\FUJIFILM
[2006/04/26 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ICAClient
[2010/11/18 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Image Zone Express
[2002/04/05 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\InterTrust
[2004/01/17 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Kontiki
[2004/02/26 21:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Leadertech
[2007/03/11 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Musicmatch
[2010/08/27 15:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Preclick
[2010/06/07 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Printer Info Cache
[2005/08/10 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Registry Defender
[2007/07/19 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Snapfish
[2008/02/13 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\TrueSwitch
[2007/04/03 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation

< End of report >

#36
havredave

    GeekU Moderator

  • 1,711 posts
Have the changes from the last scan improved performance any?

It did run successfully - I see a fragment I missed that we'll get after I clear it with my trainer though.

#37
havredave

    GeekU Moderator

  • 1,711 posts
The bit of chaff still in your log should actually be cleared by simply rebooting your computer. If you would, restart, and then let me know about system performance or any oddities you might notice.

After your feedback, I'll have just a few last things for you to do after I get the OK from my trainer.

#38
phedup

    Member

  • Topic Starter
  • 48 posts
Hi, I rebooted, still moving slowly, but that might be all the junk that needs to be cleaned up. I think I have a lot of things running at startup that ought not be; perhaps when this other issue is cleared you would be so kind as to help me with that, because when this entire ordeal began it began with all of my services being disabled. I had to poke around and figure out why, and had discovered many things had been set to disabled. I utilized a website that listed the settings for services.msc for 32 bit XP. So whatever this virus was, it shut me down, my firewall, internet etc.... So please advise me on the next move I should make, and again I truly appreciate and have enjoyed your help.
Monica

#39
havredave

    GeekU Moderator

  • 1,711 posts
Good morning. :)

Post pending approval. Stay tuned!

#40
havredave

    GeekU Moderator

  • 1,711 posts
Alright, let's try an Avast boot-time scan - and yes, I'll certainly help with speeding the machine up. I've gone over your services too, and like you found with the service list you ran across, they appear to be set to correct startup values against the sheet I have as well. Good job on that. :)

First

Let's update Avast.
  • Open Avast, and click the Maintenance tab, on the left. Click the "Update Program" button, and wait for it to update, or tell you the product is up to date. Repeat this until it tells you it's up to date.
  • Click the "Update engine and virus definitions" button, and wait for it to update. Repeat this until it tells you it's up to date.

Next

Set up a boot-time scan.
  • Click the "Scan Computer" tab on the left.
  • Click "Boot-time Scan", also on the left.
  • Click the "Schedule Now" button on the right.
  • Click the "Restart Now" link that appears slightly under the Schedule button, let the machine restart and scan.

Please reply with the scan log from that run. You can find the "Scan Logs" selection in the "Scan Computer" tab, right below the Boot-time scan button.

Optionally

One thing I can see right away that could absorb performance loss is more system RAM (memory). You have 512MB, some of which is shared with video, it appears. Really, that's not enough to comfortably run Windows XP with up-to-date protection software installed. Upgrading that with an extra gigabyte would probably be great money spent, and shouldn't cost all that much, depending on the type of RAM you have. Most any reputable computer shop can help you with that if you're not comfortable with it. In fact I'd recommend having a professional do it if you haven't done it before. I don't imagine you'll end up spending more than around $50 for the RAM itself, then a modest shop charge depending on where you can take it.

Keep in mind that your odd boot issues can be caused by faulty RAM, among other things. If you wish, this might be a good opportunity to have the existing RAM tested to see if it might have been at fault.

Do you know what processor your machine has installed? You can easily find out by right-clicking your My Computer icon (whether it be on the desktop or under your start button), and choosing "Properties". The resulting window has several tabs. Stay on the default General tab, and wait a moment for it to fill out. It gives you manufacturer (usually), processor (CPU) and RAM information that can be useful. The part in the "Computer:" section is of value to us at the moment.

The next few items are standard maintenance, but could help depending on how long it has been since last done:
  • Running the disk cleanup utility built into Windows isn't a bad idea. Click Start, choose All Programs, then Accessories, then System Tools, and find Disk Cleanup therein. It's easy to run; the only thing I wouldn't recommend checking the box for in the list it provides would be Office Installation Files. It makes life a bit more difficult to do Office updates if those files aren't there, granted you even have them.
  • Defragment your computer (I see you have Puran installed). I like doing a disk cleanup before a defrag so there is more free space to work with, plus fewer files to actually defragment, making the process more efficient.

I'll look over some other things we can do as well, such as a few more installed programs that could be disabled or removed. Overall, I'd guess the RAM would be your best upgrade in general.

So, to recap, please post back with the Avast scan results, your processor information, and do please let me know if you've tried any of the optional steps, and which helped and which didn't.
#41
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Well apparently I'm one dirty girl, the Avast boot scan found a lot of corrupted files, but more importantly found 6 infected files. I am trying to figure out how to supply the scan log, I can't seem to right click and copy paste. 5 of the infected files are "high" severity, 3 successfully moved to chest, 2 successfully deleted and one said cannot process the file because it was being used by another process. I will wait to hear from you as to how to try to post the scan log, but, it doesn't look good, and I feel like I have bigtime cooties.

#42
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
That gave me quite the chuckle. :unsure:

I'll tell you what - if you can take a screenshot and post that, it would probably do nicely. Alternatively, writing down and posting the filenames and paths would work too, with the infection name it found for each.

To take a screenshot, select the window you'd like to take a screenshot of, and press Alt-PrintScrn. That'll copy that window to the clipboard, and you can then paste it into Paint or another program of your choosing that can handle image editing. Save it, and attach it. Alternatively, you can just press PrintScrn and it will grab a picture of the entire desktop.

I can get more detailed, if you wish :)

#43
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Well if you got a kick out of that you're gonna really like this.... I went into the boot scan log to get a screen shot, and clicked on the "detail" button...... ummmm wait... as soon as I clicked it I realized it said "delete", I would like to chalk that up to a blonde moment, lol
I did scribble down the names of the "infections", I currently am rescanning the system, but here's the names, if you need the complete file path I wrote them down but wouldn't swear to the accuracy of my copying... (see the incident above)

I seem to have Alureon-G@mbr...
JS:Pdfka-gen
Win32:Bredolab-Ap[trj] (I couldn't move this one), it said at C:\hiberfil.sys, and from what I have researched this one has to do with the hibernation thing, probably why I couldn't move it.

then I had a win32 Rootkit-gen
I will see what I can do to get the actual file paths, maybe out of the chest. I will be back in touch, see I told you, a tad dirty eh??

#44
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I'm getting a post ready for you with instructions on clearing up that hibernation file issue and a couple other settings I'd like to try in relation to your reboot issue. I'll post as soon as it's cleared and I educate myself a little bit on how to post part of it. :)

#45
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Oops, well, things like that happen. It's not a deal-breaker by any means. :)

I would like the file paths if you can provide them. I suspect we've already dealt with most of them, and the infected files are being found in quarantines, but I'd like to be sure.

In order to reset the hibernation file, I'd like to walk you through disabling hibernation, which might just cure your reboot issues as well, but we'll see.

To disable hibernation on Windows XP:
  • Click start, and open your Control Panel
  • Double-click Power Options
  • Depending on your computer manufacturer, you may have a custom power manager, but the default will have several tabs across the top. If you don't have the default Windows power manager, please stop and let me know what came up.
  • Click the Hibernate tab

    Hibernate.JPG
  • Uncheck "Enable Hibernation"
  • Press the OK button
  • Restart your computer

The hibernation file should be gone at this time.

In your particular case, I would recommend also turning off system standby and hard disk standby, in the Power Schemes tab of the same Control Panel option.

Power Schemes.JPG

If it were a laptop I wouldn't really recommend turning those features off, but for a desktop, I find it runs smoother over the long term with them disabled.

Please schedule another boot-time scan and see if we didn't nip the issues in the bud this time. Post back with anything Avast finds, and how you feel the machine is running.

Also, have you looked into the RAM issue yet?